=====================================================================
= Malformed Acrobat Distiller 8 .joboptions
=
= Vendor Website:
= http://www.adobe.com
=
= Affected Version:
= Adobe Acrobat Reader, Acrobat Professional 7, Acrobat Professional 8
=
= Vendor Notified - February 2007
= Public Disclosure - May 2008
= http://www.security-assessment.com/files/advisories/2008-05-15_Acrobat_Distiller_Malformed_joboptions_File.pdf
=====================================================================
== Overview ==
Another day, another file format bug, nothing to see here, move along..
Security-Assessment.com discovered multiple heap-based overflow flaws within Acrobat Distiller 8 which, under certain circumstances, can be used to execute arbitrary code. The vulnerability was found in the handling of the .joboptions file type, an auto-opening PDF quality settings file used by Acrobat Distiller.
Font names stored within the /AlwaysEmbed and /NeverEmbed parameters both produce a heap-based overflow when a large (160+ character) font name is supplied.
Acrobat 8 Professional and any other Adobe suite that contains Acrobat Distiller (acrodist.exe), such as CS3, is vulnerable to this issue.
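A defender's pre-filter for this file type, added here as an example and not part of the advisory or of Adobe's code: it pulls the /AlwaysEmbed and /NeverEmbed arrays out of a .joboptions file and reports any font name longer than a threshold (set at 159 from the advisory's "160+" figure; Adobe publishes no such limit, so the value is our assumption), so a file can be checked before Distiller auto-opens it. The sample file and its font names are constructed, and the regex-based array extraction is a simplification of real PostScript parsing.

```python
import re
from typing import Dict, List, Tuple

# The two Distiller parameters named in the advisory whose font-name
# arrays overflow the heap when a name of 160+ characters is supplied.
FONT_LIST_PARAMS = ("AlwaysEmbed", "NeverEmbed")
# Scanner threshold (our assumption, not an Adobe limit): names longer
# than this are flagged.
MAX_FONT_NAME_LEN = 159

# "/AlwaysEmbed [ ... ]" or "/NeverEmbed [ ... ]". An array with no closing
# bracket (a truncated or hostile file) is taken to run to the end of the file.
_ARRAY_RE = re.compile(r"/(AlwaysEmbed|NeverEmbed)\s*\[(.*?)(?:\]|\Z)", re.DOTALL)
# PostScript literal name token: '/' followed by non-delimiter characters.
# Length is measured on this raw token; it is never shorter than the decoded
# name, so '#xx' hex escapes cannot hide an oversized name from the check.
_NAME_RE = re.compile(r"/([^\s/\[\]{}()<>%]*)")


def font_lists(joboptions: str) -> Dict[str, List[str]]:
    """Font name tokens found in each /AlwaysEmbed and /NeverEmbed array."""
    found: Dict[str, List[str]] = {p: [] for p in FONT_LIST_PARAMS}
    for m in _ARRAY_RE.finditer(joboptions):
        param, body = m.group(1), m.group(2)
        found[param].extend(_NAME_RE.findall(body))
    return found


def oversized_font_names(joboptions: str, limit: int = MAX_FONT_NAME_LEN) -> List[Tuple[str, int]]:
    """(parameter, name length) for every font name longer than `limit`."""
    return [(param, len(name))
            for param, names in font_lists(joboptions).items()
            for name in names if len(name) > limit]


# Constructed sample in the layout Distiller writes. The leading "true" in
# each array is Distiller's append flag; the font names are made up.
SAMPLE_OK = """<<
  /AlwaysEmbed [ true
    /Arial
    /Helvetica-Bold
  ]
  /NeverEmbed [ true
    /Symbol
  ]
>> setdistillerparams
"""
# Same file with one 200-character name in /NeverEmbed, the condition
# the advisory describes.
SAMPLE_OVERSIZED = SAMPLE_OK.replace("/Symbol", "/" + "A" * 200)
```

Run `oversized_font_names()` over each incoming .joboptions file and quarantine anything that returns a non-empty list; a file with an unterminated array is treated as suspicious rather than silently skipped.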
Original Vendor Advisories:
http://www.adobe.com/support/security/bulletins/apsb08-13.html
http://www.adobe.com/support/security/advisories/apsa08-01.html
== Solutions ==
Adobe recommends Acrobat 8 users on Windows update to Acrobat 8.1.2, available here: http://www.adobe.com/support/downloads/detail.jsp?ftpID=3849
== Credit ==
Discovered and advised to Adobe February 2007 by Paul Craig of Security-Assessment.com - Paul.Craig<at>Security-Assessment.com
== Greetings ==
Past and present Security-Assessment.com members.
The .NZ Security Scene
KiwiCon '08 (www.kiwicon.org)
== About Security-Assessment.com ==
Security-Assessment.com is New Zealand's leading team of information security consultants, specialising in providing high quality information and security services to clients throughout the Asia Pacific region. Our clients include some of the largest globally recognised companies in areas such as finance, telecommunications, broadcasting, legal and government. Our aim is to provide the best independent advice and a high level of technical expertise while creating long and lasting professional relationships with our clients.
Security-Assessment.com is committed to security research and development, and its team continues to identify and responsibly publish vulnerabilities in public and private software vendors' products. Members of the Security-Assessment.com R&D team are globally recognised through their release of whitepapers and presentations related to new security research.