Adobe Acrobat and Reader JBIG2 image stream buffer overflow (AdobeAcrobatReaderImageBo)

Adobe Acrobat and Reader JBIG2 image stream buffer overflow (AdobeAcrobatReaderImageBo)

Vuln ID:	48825
Risk Level:	High	AdobeAcrobatReaderImageBo
Platforms:	Novell Linux Desktop: 9, Adobe Acrobat Reader: 7.0, Adobe Acrobat Reader: 7.0.1, Adobe Acrobat Reader: 7.0.2, RedHat RHEL Extras: 3, RedHat RHEL Extras: 4, Adobe Acrobat Reader: 8.0, RedHat RHEL Desktop Supplementary: 5 Client, RedHat RHEL Supplementary: 5 Server, Adobe Acrobat Reader: 8.1.2, Adobe Acrobat Reader: 7.0.3, Adobe Acrobat Reader: 7.0.4, Adobe Acrobat Reader: 7.0.5, Adobe Acrobat Reader: 7.0.6, Adobe Acrobat Reader: 7.0.7, Adobe Acrobat Reader: 7.0.8, Adobe Acrobat Reader: 7.0.9, Adobe Acrobat Reader: 8.1, Novell OpenSUSE: 10.3, Adobe Acrobat Reader: 8.1.1, Adobe Acrobat: 7.0 Standard, Adobe Acrobat: 7.0 Professional, Adobe Acrobat: 7.0.1 Standard, Adobe Acrobat: 7.0.1 Professional, Adobe Acrobat: 7.0.2 Standard, Adobe Acrobat: 7.0.2 Professional, Adobe Acrobat: 7.0.3 Standard, Adobe Acrobat: 7.0.3 Professional, Adobe Acrobat: 7.0.4 Standard, Adobe Acrobat: 7.0.4 Professional, Adobe Acrobat: 7.0.5 Standard, Adobe Acrobat: 7.0.5 Professional, Adobe Acrobat: 7.0.6 Standard, Adobe Acrobat: 7.0.6 Professional, Adobe Acrobat: 7.0.7 Standard, Adobe Acrobat: 7.0.7 Professional, Adobe Acrobat: 7.0.8 Standard, Adobe Acrobat: 7.0.8 Professional, Adobe Acrobat: 7.0.9 Standard, Adobe Acrobat: 7.0.9 Professional, Novell OpenSUSE: 11.0, Adobe Acrobat: 8.0 Standard, Adobe Acrobat: 8.1 Standard, Adobe Acrobat: 8.1.1 Standard, Adobe Acrobat: 8.1.2 Standard, Adobe Acrobat: 8.0 Professional, Adobe Acrobat: 8.1 Professional, Adobe Acrobat: 8.1.1 Professional, Adobe Acrobat: 8.1.2 Professional, Novell SUSE Linux Enterprise Desktop: 10 SP2, RedHat RHEL Supplementary: 5.3.z EUS, Adobe Acrobat: 9.0 Professional, Adobe Acrobat: 9.0 Professional Extended, Adobe Acrobat Reader: 9.0, Adobe Acrobat: 9.0 Standard, RedHat Red Hat Enterprise Linux: 4.7.z Extras, Turbolinux Client: 2008
Description:	Adobe Acrobat and Reader are vulnerable to a buffer overflow, caused by improper bounds checking when parsing a malformed JBIG2 image stream embedded within a PDF document. By persuading a victim to open a malicious PDF file, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the victim or cause the application to crash.
Remedy:	Refer to APSB09-03 for patch, upgrade or suggested workaround information. See References. For other distributions: Apply the appropriate update for your system. See References.
False Positives:
False Negatives:
Required Permission:	Windows login
Additional Information:
References:	APSA09-01 Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat http://www.adobe.com/support/security/advisories/apsa09-01.html Shadowserver Foundation Blog, February 19, 2009, at 03:03 PM When PDFs Attack - Acrobat [Reader] 0-Day On the Loose http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219 IBM Internet Security Systems Protection Alert - Feb. 20, 2009 Adobe Reader and Adobe Acrobat JBIG2 Image Stream Remote Code Execution http://www.iss.net/threats/319.html US-CERT Technical Cyber Security Alert TA09-051A Adobe Acrobat and Reader Vulnerability http://www.us-cert.gov/cas/techalerts/TA09-051A.html APSB09-03 Security Updates available for Adobe Reader 9 and Acrobat 9 http://www.adobe.com/support/security/bulletins/apsb09-03.html NORTEL BULLETIN ID: 2009009391, Rev 1 Nortel Response to Adobe APSA09-01 - Buffer overflow issue in v9.0 and earlier of Adobe Reader and Acrobat: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=844248&poid= ISS X-Force Adobe Acrobat and Reader JBIG2 image stream buffer overflow http://www.iss.net/security_center/static/48825.php CVE CVE-2009-0658 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0658

Know Your Risks

Common Vulnerabilties & Exposures