IBM Security Server Protection for Windows, Proventia Network IDS, Proventia Network MFS, Proventia-G 1.1 and earlier, RealSecure Network, RealSecure Server Sensor, Proventia Desktop, Proventia Network IPS, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology:
This signature detects an image file containing a grid that causes invalid memory operations in vulnerable versions of software, possibly leading to execution of code specified by a remote attacker.
High
IBM Security Server Protection for Windows: 1.0.914.2380, IBM Security Server Protection for Windows: 2.0.300.2380, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia Network IDS: XPU 29.040, Proventia Network MFS: XPU 29.040, Proventia-G 1.1 and earlier: XPU 29.040, RealSecure Network: XPU 29.040, RealSecure Server Sensor: XPU 29.040, Proventia Desktop: 2380, Proventia Network IPS: XPU 29.040, Virtual Server Protection for Vmware: 1.0, Proventia Server IPS for Linux technology: 29.040
Gentoo Linux, Sun Solaris: 10 SPARC, RedHat RHEL Extras: 3, RedHat RHEL Extras: 4, RedHat RHEL Desktop Supplementary: 5 Client, RedHat RHEL Supplementary: 5 Server, RedHat RHEL Supplementary: 5.3.z EUS, Adobe Acrobat Reader: 9.0, Adobe Acrobat Reader: 9, Adobe Acrobat Professional: 9.0.0, Adobe Acrobat: 9.0, Adobe Acrobat Reader: 9.1, Adobe Acrobat: 9.1, RedHat Red Hat Enterprise Linux: 4.8.z Extras
Unauthorized Access Attempt
Adobe Acrobat and Reader are vulnerable to a buffer overflow caused by memory corruption: integers read from the Halftone Region Grid Area of the JBIG segments embedded in the file are not adequately checked. By persuading a victim to open a specially crafted PDF file, a remote attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system with the privileges of the victim.
Refer to Adobe Security Bulletin APSB09-07 for patch, upgrade or suggested workaround information. See References.
For other distributions:
Apply the appropriate update for your system. See References.
Adobe Security Bulletin APSB09-07
Security Updates available for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb09-07.html
IBM Internet Security Systems Protection Advisory
Multiple JBIG2 Vulnerabilities in Adobe Acrobat and Adobe Reader
http://www.iss.net/threats/327.html
NORTEL BULLETIN ID: 2009009587, Rev 1
Nortel Response to APSB09-07 Adobe Quarterly Security Update for June 2009
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=944212&poid=
Sun Alert ID: 265330
Multiple Security Vulnerabilities in Adobe Reader for Solaris 10 May Allow Execution of Arbitrary Code or Cause Denial of Service (DoS) (Adobe Security Bulletin APSB09-07)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265330-1
ISS X-Force
Adobe Acrobat and Reader Halftone Region Grid Area buffer overflow
http://www.iss.net/security_center/static/49269.php
CVE
CVE-2009-0889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0889