Adobe APSA10-02 Zero-Day Vulnerability in Reader and Acrobat
(Adobe Security Advisory APSA10-02, CVE-2010-2883)
Summary
Adobe has released a zero-day advisory that describes a critical vulnerability in the cooltype.dll component used by the Reader and Acrobat products. The flaw, which is already being exploited, allows attackers to execute malicious code on an affected machine via a specially crafted PDF file. Adobe has not yet announced a fix or when it will be available.
Details
Adobe Reader and Acrobat are applications developed by Adobe Systems for viewing, creating, manipulating, and managing documents using Adobe's Portable Document Format (PDF) core technology. Adobe Reader and Acrobat are widely used by government organizations, corporations, and individuals around the world.
The vulnerability is due to a stack-based buffer overflow issue in the cooltype.dll component used by Reader and Acrobat. Attackers can exploit this flaw via a maliciously crafted PDF file that contains a long field in the Smart INdependent Glyphets (SING) table of a TrueType font embedded in the document. Opening such a file can allow execution of arbitrary code on the affected system.
Affected Products
This vulnerability exists in Adobe Reader and Acrobat versions 9.3.4 and earlier.
Solution
Check Point IPS Software Blade and SmartDefense provide immediate network protection in the latest IPS Update by detecting and blocking the transferring of specially crafted PDF files over HTTP. For more information, see CPAI-2010-267.
Published September 14, 2010