Adobe Acrobat JavaScript getIcon method buffer overflow

2009-03-27T00:00:00
ID SAINT:AFE3E3BE3BB3652683F3F01263CCE593
Type saint
Reporter SAINT Corporation
Modified 2009-03-27T00:00:00

Description

Added: 03/27/2009
CVE: CVE-2009-0927
BID: 34169

Background

Adobe Acrobat is software for creating PDF documents. Adobe Reader is free software for viewing PDF documents.

Problem

A buffer overflow vulnerability allows command execution when a user opens a PDF file which calls the JavaScript getIcon method with a long, specially crafted argument.

Resolution

Upgrade to Adobe Acrobat 7.1.1, 8.1.4, or 9.1 or higher as described in APSB09-04.

References

<http://www.zerodayinitiative.com/advisories/ZDI-09-014/>

Limitations

Exploit works on Adobe Acrobat 9.0 and requires a user to load the exploit file in Adobe Acrobat.

Platforms

Windows XP