Adobe Acrobat and Reader Remote code Execution Vulnerability

» IDS/IPS Signatures

iPolicy Networks Security Advisory

Adobe Acrobat and Reader Remote code Execution Vulnerability


Date Discovered:	02/22/2010
Severity:	High
Application Affected:	Adobe Acrobat prior to 8.2.1 Adobe Acrobat prior to 9.3.1 Adobe Reader prior to 9.3
Type:	Remote
Identifiers:	CVE-2010-0188

Synopsis

Adobe Acrobat and Reader are prone to a remote code execution vulnerability, which could be exploited to compromise a vulnerable system.

Recommended Actions

Update the patches as guided by vendor at :
http://www.adobe.com/support/security/bulletins/apsb10-07.html

Threat Analysis

Adobe Acrobat and Reader are well known portable document format reader applications developed by Adobe Systems. There exists a remote code execution vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1

The flaw exists due to a memory corruption error in the "authplay.dll" module when processing malformed PDF document. Successful exploitation may allow remote attackers to execute arbitrary code or cause a denial of service condition or possibly crash application via a specially crafted PDF file.

References

http://www.securityfocus.com/bid/38195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0188
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0188

Write-up by: Dheeraj Johri

3