Source: SAINT Corporation
ID: SAINT:AFE3E3BE3BB3652683F3F01263CCE593
Date: Mar 27, 2009 - 12:00 a.m.

Adobe Acrobat JavaScript getIcon method buffer overflow

www.saintcorporation.com

EPSS: 0.975 (percentile: 100.0%)

Added: 03/27/2009
CVE: CVE-2009-0927
BID: 34169

Background

Adobe Acrobat is software for creating PDF documents. Adobe Reader is free software for viewing PDF documents.

Problem

A buffer overflow vulnerability allows command execution when a user opens a PDF file which calls the JavaScript getIcon method with a long, specially crafted argument.
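
As an added example, not part of the SAINT advisory, the following Python check flags PDF files whose script content calls a method named getIcon, the call described above. It assumes unencrypted files and inspects only the raw bytes and zlib-compressed (FlateDecode) streams; the function names and the sample documents are constructed for illustration.

```python
import re
import zlib

# "stream" keyword (not the tail of "endstream") up to the matching "endstream".
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)endstream", re.S)
# The call itself is the signal: the long argument is usually built at runtime,
# so the literal argument length stored in the file says little.
GETICON_RE = re.compile(rb"getIcon\s*\(")
JS_MARKER_RE = re.compile(rb"/(?:JS|JavaScript)\b")


def inflated_streams(pdf):
    """Yield the inflated body of every stream that is valid zlib data."""
    for match in STREAM_RE.finditer(pdf):
        try:
            yield zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue  # not FlateDecode (or corrupt); the raw bytes are still scanned


def scan_pdf(pdf):
    """Return triage findings for one PDF supplied as bytes."""
    bodies = [pdf] + list(inflated_streams(pdf))
    calls = sum(len(GETICON_RE.findall(body)) for body in bodies)
    has_js = any(JS_MARKER_RE.search(body) for body in bodies)
    return {"has_javascript": has_js, "geticon_calls": calls, "suspicious": calls > 0}


def sample_pdf(script):
    """Constructed PDF-like bytes holding one FlateDecode script stream."""
    data = zlib.compress(script)
    return (
        b"%PDF-1.4\n1 0 obj\n<< /S /JavaScript /JS 2 0 R >>\nendobj\n"
        b"2 0 obj\n<< /Length " + str(len(data)).encode() + b" /Filter /FlateDecode >>\n"
        b"stream\n" + data + b"\nendstream\nendobj\n%%EOF\n"
    )


if __name__ == "__main__":
    # Constructed, benign scripts: one with a short getIcon call, one without.
    print(scan_pdf(sample_pdf(b'var icon = Collab.getIcon("placeholder");')))
    print(scan_pdf(sample_pdf(b'app.alert("hello");')))
```

A hit is a reason to inspect the file further, not proof of an exploit attempt. Obfuscated scripts and streams using other filters are not seen by this check.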

Resolution

Upgrade to Adobe Acrobat 7.1.1, 8.1.4, or 9.1 or higher as described in APSB09-04.

References

<http://www.zerodayinitiative.com/advisories/ZDI-09-014/>

Limitations

Exploit works on Adobe Acrobat 9.0 and requires a user to load the exploit file in Adobe Acrobat.

Platforms

Windows XP