Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Update Protection against Adobe Reader and Acrobat PDF Font Data Length Heap Corruption Vulnerability (APSB11-03)

Subscribe

Check Point Reference: CPAI-2011-066
Date Published:
Severity:
Source: Adobe Security Bulletin APSB11-03 
Industry Reference(s): CVE-2011-0594
Protection Provided by: Security Gateway
  • R75
  • R71
  • R70
Who is Vulnerable?
Adobe Reader X (10.0) and earlier versions for Windows and Macintosh 
Adobe Reader 9.4.1 and earlier versions for Windows, Macintosh and UNIX 
Adobe Acrobat X (10.0) and earlier versions for Windows and Macintosh
Vulnerability Description
A heap corruption vulnerability has been reported in Adobe Reader and Acrobat. Adobe Reader and Acrobat is a family of computer programs developed by Adobe Systems, designed to view, create, manipulate and manage files in Adobe's core technology, the Portable Document Format (PDF), a format that has become the de facto standard in the electronic document exchange. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system.
Vulnerability Status
Update/Patch Available
Adobe has released an advisory to address this vulnerability.
Vulnerability Details
The vulnerability is due to the way Adobe Reader and Acrobat parse a PDF file containing malformed font data. A remote attacker could trigger this issue via a specially crafted PDF file. Successful exploitation will create a denial of service condition, causing the application to become non-responsive, and may allow execution of arbitrary code once a malicious PDF file is loaded on a vulnerable system.

Protection Overview
This protection detects and blocks the transferring of specially crafted PDF files over HTTP. 

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05Protection taband select the version of your choice.

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information

Security Gateway: R75

How Can I Protect My Network?
1. In the IPS tab, click Protections > By Protocol > IPS Software Blade Application Intelligence > Content Protection > Adobe Reader and Acrobat.
2. In the right pane, double-click the Adobe Reader PDF Font Data Length Heap Corruption (APSB11-03)  protection.
3. In the Protection Details window, click on Edit. Choose the protection's Action (Override IPS Policy with: Prevent/Detect), and apply Additional Settings
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries: 

Attack Name: Adobe Reader Violation
Attack Information: Adobe Reader PDF font data length heap corruption (APSB11-03)

Security Gateway: R70/R71

How Can I Protect My Network?
1. In the IPS tab, click Protections > By Protocol > Application Intelligence > Content Protection > Adobe Reader and Acrobat.
2. In the right pane, double-click the Adobe Reader PDF Font Data Length Heap Corruption (APSB11-03)  protection.
3. In the Protection Details window, click on Edit. Choose the protection's Action (Override IPS Policy with: Prevent/Detect), and apply Additional Settings
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries: 

Attack Name: Adobe Reader Violation
Attack Information: Adobe Reader PDF font data length heap corruption (APSB11-03)