HighIBM Security Server Protection for Windows, Proventia Network IDS, Proventia-G 1.1 and earlier, Proventia Network MFS, RealSecure Server Sensor, RealSecure Network, Proventia Network IPS, Proventia Desktop, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware:
This signature detects a JBIG2 file with excessively large values that cause an integer overflow that is mishandled by vulnerable versions of Acrobat Reader, leading to possible execution of remote code specified by an attacker.
This signature detects a JBIG2 file with excessively large values that cause an integer overflow that is mishandled by vulnerable versions of Adobe products, leading to possible execution of remote code specified by an attacker.
High
IBM Security Server Protection for Windows: 1.0.914.2370, IBM Security Server Protection for Windows: 2.0.300.2370, Proventia Network IDS: XPU 29.030, Proventia-G 1.1 and earlier: XPU 29.030, Proventia Network MFS: XPU 29.030, RealSecure Server Sensor: XPU 29.030, RealSecure Network: XPU 29.030, Proventia Network IPS: XPU 29.030, Proventia Desktop: 2370, Proventia Server IPS for Linux technology: 29.030, IBM Security Server Protection for Windows: 2.1.14.2400, Virtual Server Protection for Vmware: 1.0
Gentoo Linux, RedHat RHEL Extras: 3, RedHat RHEL Extras: 4, RedHat RHEL Desktop Supplementary: 5 Client, RedHat RHEL Supplementary: 5 Server, Novell OpenSUSE: 10.3, Novell OpenSUSE: 11.0, Novell SUSE Linux Enterprise Desktop: 10 SP2, RedHat RHEL Supplementary: 5.3.z EUS, Adobe Acrobat Reader: 9.0, Adobe Acrobat Reader: 9, Adobe Acrobat Professional: 9.0.0, Adobe Acrobat: 9.0, Adobe Acrobat Reader: 9.1, Adobe Acrobat: 9.1, RedHat Red Hat Enterprise Linux: 4.8.z Extras
Unauthorized Access Attempt
Adobe Acrobat and Reader are vulnerable to a buffer overflow, caused by improper bounds checking when parsing a malformed JBIG2 image stream embedded within a PDF document. By persuading a victim to open a malicious PDF file, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the victim or cause the application to crash.
Refer to APSB09-03 for patch, upgrade or suggested workaround information. See References.
For other distributions:
Apply the appropriate update for your system. See References.
Adobe Security Bulletin APSB09-07
Security Updates available for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb09-07.html
IBM Internet Security Systems Protection Advisory
Multiple JBIG2 Vulnerabilities in Adobe Acrobat and Adobe Reader
http://www.iss.net/threats/327.html
NORTEL BULLETIN ID: 2009009587, Rev 1
Nortel Response to APSB09-07 Adobe Quarterly Security Update for June 2009
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=944212&poid=
ISS X-Force
Adobe Acrobat and Reader Text Region buffer overflow
http://www.iss.net/security_center/static/49239.php
CVE
CVE-2009-0509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0509