Adobe Reader JavaScript printSeps Vulnerability
( APSB10-28, CVE-2010-4091 )
Summary
A heap corruption vulnerability exits in the way Adobe Acrobat and Reader handle specially crafted PDF files. A remote attacker may exploit this issue via PDF files that contain JavaScript. Successful exploitation can allow a remote attacker to execute arbitrary code on a vulnerable system.
Details
Portable Document Format (PDF) is an open file format created by Adobe Systems. It is used for representing two-dimensional documents in a device and resolution independent, fixed-layout format.
The vulnerability is due to a special Adobe Reader specific extension, the "printSeps" JavaScript function. A remote attacker may exploit this issue by specially crafting a PDF file that contains JavaScript code calling the printSeps function. Successful exploitation of this vulnerability will cause the application to crash, allowing execution of arbitrary code on a vulnerable system.
Affected Products
This issue exists in
- Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh, and UNIX
- Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh
Solution
Adobe released updates for Adobe Reader and Acrobat on November 16, 2010 that fix a number of vulnerabilities including this one. Check Point IPS Software Blade provides network protection for unpatched systems in the latest IPS Update by detecting and blocking PDF files that contain the printSep JavaScript function. For more information, see CPAI-2010-316.
Originally Published:
Last Updated: 16-Nov-2010