Adobe Vulnerability Attacks:
Proactive PDF Protection

A buffer overflow vulnerability in Adobe Reader and Acrobat has been exploited by a number of reported attacks in the wild.  The vulnerability deals with Adobe Reader and Acrobat failing to sufficiently validate embedded JBIG2 streams within PDF documents, allowing an attacker to use a maliciously-crafted PDF document to gain access to a vulnerable system.

Attack Impact

With millions of copies of Adobe Reader and Adobe Acrobat installed on multiple operating systems, this vulnerability could allow hackers access to a very large number of computers, particularly those in corporate environments. Adobe is aware of this issue, but does not plan to issue a patch for version 9 of their products until March 11th. Other versions will be patched at a later date.

Protection and Recommendations

Check Point has provided a protection that blocks these exploits since February 2008. Since there is currently no Adobe patch for this vulnerability, and when the patch does come out applying it to all vulnerable computers may take weeks for some organizations, Check Point recommends that companies augment their patching process with integrated intrusion prevention systems. These can be deployed both at the network perimeter and at internal locations, separating the company’s network into segments. Check Point SmartDefense and the new Check Point IPS Software Blade provide protection against these attacks.

For more information about Check Point enterprise protections, see SBP-2009-04.

Consumers are protected through Check Point’s ZoneAlarm ForceField product.