Check Point Advisories

Preemptive Protection against Adobe Reader JavaScript getAnnots Method Memory Corruption Vulnerability

Check Point Reference: CPAI-2009-100
Date Published: 3 May 2009
Severity: High
Last Updated: Thursday 01 January, 2009
Source: Secunia Advisory: SA34924
Industry Reference:CVE-2009-1492
Protection Provided by:
Who is Vulnerable? Adobe Systems Acrobat 7.x
Adobe Systems Acrobat 8.x
Adobe Systems Acrobat 9.x
Adobe Systems Adobe Reader 7.x
Adobe Systems Adobe Reader 8.x
Adobe Systems Adobe Reader 9.x
Vulnerability Description A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. A remote attacker can exploit this vulnerability to execute arbitrary code on an affected system via a specially crafted PDF file. Portable Document Format (PDF) is an open file format created by Adobe Systems. It is used for representing two-dimensional documents in a device and resolution independent fixed-layout document format. Successful exploitation of this issue may cause the application to terminate abnormally or allow execution of arbitrary code on a vulnerable system.
Vulnerability DetailsThe memory corruption error is due to insufficient input validation in the implementation of the getAnnots JavaScript method. A remote attacker could trigger this flaw via a specially crafted PDF file that contains Embedded JavaScript. Successful exploitation allows execution of arbitrary code once a malicious PDF file is loaded on a vulnerable system.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK