Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Update Protection against Adobe Reader and Acrobat Image Texture Malformed BMP File Memory Corruption Vulnerability (APSB11-03)

Subscribe

Check Point Reference: CPAI-2011-056
Date Published:
Severity:
Source: Adobe Security Bulletin APSB11-03 
Industry Reference(s): CVE-2011-0592
CVE-2011-0596
Protection Provided by: Security Gateway
  • R75
  • R71
  • R70
Who is Vulnerable?
Adobe Reader X (10.0) and earlier versions for Windows and Macintosh 
Adobe Reader 9.4.1 and earlier versions for Windows, Macintosh and UNIX 
Adobe Acrobat X (10.0) and earlier versions for Windows and Macintosh
Vulnerability Description
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. Adobe Acrobat and Reader products include a plugin to parse the U3D image files inside PDF documents. The Universal 3D format can link to external image files, for example in BMP format, that provide texture data for the 3D objects. BMP is an image file format used to store bitmap digital images. A remote attacker could exploit this issue via a malformed BMP file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system.
Update/Patch Available
Adobe has released an advisory to address this vulnerability. 
Vulnerability Details
The vulnerability is due to a 3D file parsing input validation error in Adobe Reader and Acrobat when parsing an external texture file in BMP format. A remote attacker could trigger this issue via a specially crafted BMP file that uses run-length encoding for its pixel data. Successful exploitation will create a denial of service condition, causing the application to become non-responsive, and may allow execution of arbitrary code once a malicious file is loaded on a vulnerable system.

Protection Overview
This protection detects and blocks the transferring of specially crafted BMP files over HTTP. 

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05Protection taband select the version of your choice.

To configure the defense, select your product from the list below and follow the related protection steps.

Security Gateway: R75

How Can I Protect My Network?
1. In the IPS tab, click Protections > By Protocol > IPS Software Blade Application Intelligence > Content Protection > Adobe Reader and Acrobat.
2. In the right pane, double-click the Adobe Reader Image Texture Malformed BMP File Memory Corruption (APSB11-03)  protection.
3. In the Protection Details window, click on Edit. Choose the protection's Action (Override IPS Policy with: Prevent/Detect), and apply Additional Settings
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries: 

Attack Name: Adobe Reader Violation
Attack Information: Adobe Reader image texture malformed BMP file memory corruption (APSB11-03)

Security Gateway: R70/R71

How Can I Protect My Network?
1. In the IPS tab, click Protections > By Protocol > Application Intelligence > Content Protection > Adobe Reader and Acrobat.
2. In the right pane, double-click the Adobe Reader Image Texture Malformed BMP File Memory Corruption (APSB11-03) protection.
3. In the Protection Details window, click on Edit. Choose the protection's Action (Override IPS Policy with: Prevent/Detect), and apply Additional Settings
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries: 

Attack Name: Adobe Reader Violation
Attack Information: Adobe Reader image texture malformed BMP file memory corruption (APSB11-03)