iDefense Security Advisory 01.12.10: Adobe Reader and Acrobat JpxDecode Memory Corruption Vulnerability

iDefense Security Advisory 01.12.10 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 12, 2010 I. BACKGROUND Adobe Reader and Acrobat are Portable Document Format PDF reader and processors. For more information, please visit following pages: http://www.adobe.com/products/reader/...

Memory corruption

Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPCMSRGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leadin...

CVE-2009-3955

Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPCMSRGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leadin...

Adobe Reader JPEG2000 Region of Interest Memory Corruption (APSB10-02; CVE-2009-3955)

Portable Document Format PDF is an open file format created by Adobe Systems. A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to the way Adobe Reader and Acrobat parse a PDF file containing a malformed Jp2c stream of a JpxDecode encoded da...