Preemptive Protection Against Adobe Memory Corruption Vulnerability

(CVE-2009-1492)
A vulnerability was detected in Adobe Reader and Adobe Acrobat. This vulnerability affects all currently supported versions of this software.

The memory corruption error is due to insufficient input validation in the implementation of the getAnnots JavaScript method. A remote attacker can trigger this flaw via a specially-crafted PDF file that contains embedded JavaScript. Successful exploitation allows execution of arbitrary code when a malicious PDF file is loaded on a vulnerable system.

Although the vulnerability was announced April 27th, Adobe does not plan to provide a patch until May 12th. Check Point has offered a protection against this vulnerability since February 2008. This preemptive protection detects and blocks any attempt to transfer PDF files that contain embedded JavaScript over HTTP. For more information see CPAI-2009-100.