Preemptive Protection against Adobe Reader JavaScript getAnnots Method Memory Corruption Vulnerability
| Check Point Reference: | CPAI-2009-100 | |
| Date Published: | ||
| Preemptive Since: | ||
| Severity: | ||
| Source: | Secunia Advisory: SA34924 | |
| Industry Reference(s): | CVE-2009-1492 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Adobe Systems Acrobat 7.x Adobe Systems Acrobat 8.x Adobe Systems Acrobat 9.x Adobe Systems Adobe Reader 7.x Adobe Systems Adobe Reader 8.x Adobe Systems Adobe Reader 9.x | ||
| Vulnerability Description A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. A remote attacker can exploit this vulnerability to execute arbitrary code on an affected system via a specially crafted PDF file. Portable Document Format (PDF) is an open file format created by Adobe Systems. It is used for representing two-dimensional documents in a device and resolution independent fixed-layout document format. Successful exploitation of this issue may cause the application to terminate abnormally or allow execution of arbitrary code on a vulnerable system. |
||
|
Vulnerability Details The memory corruption error is due to insufficient input validation in the implementation of the getAnnots JavaScript method. A remote attacker could trigger this flaw via a specially crafted PDF file that contains Embedded JavaScript. Successful exploitation allows execution of arbitrary code once a malicious PDF file is loaded on a vulnerable system. |
Protection Overview
This protection will detect and block any attempt to transfer over HTTP PDF files that contain embedded JavaScript. No update is required to address this vulnerability.
Users are protected against this vulnerability if the protection for blocking PDF containing embedded JavaScript files in the Protection section of SBP-2008-02 has been applied.
To configure the defense, select your product from the list below and follow the related protection steps.