mailing list archives
n.runs-SA-2009.007 - Adobe Acrobat - Invalid pointer write could lead to arbitrary code execution
From: <security () nruns com>
Date: Fri, 16 Oct 2009 10:14:26 +0200
Vendor: Adobe Systems Incorporated, http://www.adobe.com
Affected Products: Adobe Acrobat Reader/Acrobat
Version: 8.1.3 - 8.1.6
Vulnerability: Invalid pointer write could lead to arbitrary
2009/07/22 n.runs sends PoC to Mozilla Security team
2009/07/23 Brandon from Mozilla acknowledges the PoC file
2009/09/27 n.runs asking for status update
2009/09/29 Brandon apologizes the delay and replies he could not
reproduce the issue and asking for more information
2009/10/13 Adobe releases an update for this issue 
2009/10/13 n.runs informs Mozilla an update for the issue was
released by Adobe. n.runs asks if a Bugzilla entry exists
2009/10/13 Brandon replies he have not opened a bug in the Bugzilla
system, as he was not able to reproduce the issue yet, but
is looking at the Adobe advisory to see if there is
further work needed on Mozilla's side
2009/10/15 n.runs releases this advisory
"Adobe revolutionizes how the world engages with ideas and information.
For 25 years, the company's award-winning software and technologies have
redefined business, entertainment, and personal communications by setting
new standards for producing and delivering content that engages people
virtually anywhere at anytime. From rich images in print, video, and
film to dynamic digital content for a variety of media, the impact of
Adobe solutions is evident across industries and felt by anyone who
creates, views, and interacts with information. With a reputation
for excellence and a portfolio of many of the most respected and
recognizable software brands, Adobe is one of the world's largest and
most diversified software companies."
A remotely exploitable vulnerability has been found in
Adobe Acrobat Reader/Acrobat Firefox plugin.
In detail, the following flaw was determined:
- The default settings of Adobe Acrobat Reader/Acrobat have been
applied. A non existing PDF file with-in the <embed> Tag could lead to
an invalid pointer write. This occurs when Adobe's PDF plugin gets
unloaded in a Firefox instance.
An attacker could exploit the vulnerability by constructing a specially
prepared Website. When a user views the Web page, the vulnerability
could allow remote code execution. An attacker who successfully
exploits this vulnerability could gain the same user rights as the
Adobe has issued an update to correct this vulnerability.
For detailed information about the fixes follow the link in
References  section of this document.
Bugs found by Alexios Fakos of n.runs AG.
This Advisory and Upcoming Advisories:
Unaltered electronic reproduction of this advisory is permitted. For
all other reproduction or publication, in printing or otherwise,
contact security () nruns com for permission. Use of the advisory
constitutes acceptance for use in an "as is" condition. All warranties
are excluded. In no event shall n.runs be liable for any damages
whatsoever including direct, indirect, incidental, consequential loss
of business profits or special damages, even if n.runs has been advised
of the possibility of such damages.
- n.runs-SA-2009.007 - Adobe Acrobat - Invalid pointer write could lead to arbitrary code execution security (Oct 16)