n.runs AG http://www.nruns.com/ security(at)nruns.com n.runs-SA-2009.007 15-Oct-2009 _______________________________________________________________________ Vendor: Adobe Systems Incorporated, http://www.adobe.com Affected Products: Adobe Acrobat Reader/Acrobat Version: 8.1.3 - 8.1.6 Platform: Windows Vulnerability: Invalid pointer write could lead to arbitrary code execution Risk: HIGH CVE: CVE-2009-2991 _______________________________________________________________________ Vendor communication: 2009/07/22 n.runs sends PoC to Mozilla Security team 2009/07/23 Brandon from Mozilla acknowledges the PoC file 2009/09/27 n.runs asking for status update 2009/09/29 Brandon apologizes the delay and replies he could not reproduce the issue and asking for more information 2009/10/13 Adobe releases an update for this issue [1] 2009/10/13 n.runs informs Mozilla an update for the issue was released by Adobe. n.runs asks if a Bugzilla entry exists 2009/10/13 Brandon replies he have not opened a bug in the Bugzilla system, as he was not able to reproduce the issue yet, but is looking at the Adobe advisory to see if there is further work needed on Mozilla's side 2009/10/15 n.runs releases this advisory _______________________________________________________________________ Overview: Quoting http://www.adobe.com/aboutadobe/pressroom/pdfs/profile.pdf: "Adobe revolutionizes how the world engages with ideas and information. For 25 years, the company's award-winning software and technologies have redefined business, entertainment, and personal communications by setting new standards for producing and delivering content that engages people virtually anywhere at anytime. From rich images in print, video, and film to dynamic digital content for a variety of media, the impact of Adobe solutions is evident across industries and felt by anyone who creates, views, and interacts with information. With a reputation for excellence and a portfolio of many of the most respected and recognizable software brands, Adobe is one of the world's largest and most diversified software companies." Description: A remotely exploitable vulnerability has been found in Adobe Acrobat Reader/Acrobat Firefox plugin. In detail, the following flaw was determined: - The default settings of Adobe Acrobat Reader/Acrobat have been applied. A non existing PDF file with-in the Tag could lead to an invalid pointer write. This occurs when Adobe's PDF plugin gets unloaded in a Firefox instance. Impact An attacker could exploit the vulnerability by constructing a specially prepared Website. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploits this vulnerability could gain the same user rights as the logged-on user. Solution: Adobe has issued an update to correct this vulnerability. For detailed information about the fixes follow the link in References [1] section of this document. _______________________________________________________________________ Credit: Bugs found by Alexios Fakos of n.runs AG. _______________________________________________________________________ References: [1] http://www.adobe.com/support/security/bulletins/apsb09-15.html This Advisory and Upcoming Advisories: http://www.nruns.com/security_advisory.php _______________________________________________________________________ Unaltered electronic reproduction of this advisory is permitted. For all other reproduction or publication, in printing or otherwise, contact security@nruns.com for permission. Use of the advisory constitutes acceptance for use in an "as is" condition. All warranties are excluded. In no event shall n.runs be liable for any damages whatsoever including direct, indirect, incidental, consequential loss of business profits or special damages, even if n.runs has been advised of the possibility of such damages. Copyright 2009 n.runs AG. All rights reserved. Terms of use apply.