Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

ky331

5 Journeyman

 • 

15.6K Posts

 • 

45K Points

7887

August 4th, 2010 13:00

Now PATCHED - Adobe Reader/Acrobat Font Parsing Integer Overflow Vulnerability

The following has been copied/pasted from http://secunia.com/advisories/40766/

Description
Charlie Miller has discovered a [highly critical] vulnerability in Adobe Reader / Acrobat, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an integer overflow error in CoolType.dll when parsing the "maxCompositePoints" field value in the "maxp" (Maximum Profile) table of a TrueType font. This can be exploited to corrupt memory via a PDF file containing a specially crafted TrueType font.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in Adobe Reader versions 8.2.3 and 9.3.3 and Adobe Acrobat version 9.3.3. Other versions may also be affected.

Solution
Do not open untrusted PDF files.

Provided and/or discovered by
Charlie Miller, Independent Security Evaluators.

Original Advisory
Crash analysis with BitBlaze (page 51 - 58):
http://securityevaluators.com/files/papers/CrashAnalysis.pdf

 

ky331

5 Journeyman

 • 

15.6K Posts

 • 

45K Points

August 17th, 2010 16:00

Adobe expects to make these updates available on Thursday August 19, 2010.

Note:   In addition to the "overflow" vulnerability cited above, the update will also include a revised version of Reader's "Flash Player", authplay.dll , incorporating the fixes recently made in the stand-alone Flash Player.

ky331

5 Journeyman

 • 

15.6K Posts

 • 

45K Points

August 19th, 2010 15:00

The patches are now available:

for the patches, in general (for various versions):  http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows

for the sequential patch, which (starting with reader 9.3.3) upgrades to 9.3.4 http://www.adobe.com/support/downloads/detail.jsp?ftpID=4761

 

Alternatively,  you should be able to update via Reader's internal update function.

POST SCRIPT:  Secunia's PSI is acknowledging that Reader is (for the time being) secure again...

Dermot.Hanley

4 Posts

January 27th, 2011 13:00

The patches are now available:

for the patches, in general (for various versions): http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows

for the sequential patch, which (starting with reader 9.3.3) upgrades to 9.3.4 http://www.adobe.com/support/downloads/detail.jsp?ftpID=4761

Alternatively, you should be able to update via Reader's internal update function.

POST SCRIPT: Secunia's PSI is acknowledging that Reader is (for the time being) secure again...


Thanks for your effort! It's good for reference, Now I understand more about it.

Was this post helpful?

View All

0 events found

No Events found!

Top