iPolicy Networks Security Advisory
 

Adobe Reader Util Printf Function Buffer Overflow Attempt

Date Discovered: 11/04/2008
Severity: High
Applications Affected: Adobe Acrobat Reader 8.1.2
Type: Remote
Identifiers: CVE-2008-2992
Vendor: Adobe
Synopsis

A vulnerability has been discovered in Adobe Acrobat Reader that allows remote attackers to perform a buffer overflow attack against the vulnerable version of the application.
Recommended Action
The vendor has released an updated version of the application:
http://www.adobe.com/go/getreader
Threat Analysis

Adobe Acrobat Reader allows users to view, navigate, browse, and print Portable Document Format (PDF) files. A vulnerability was recently found in it that a remote attacker can exploit to perform a buffer overflow attack.

The vulnerability exists because the application fails while parsing a specially crafted PDF file. The cause is a boundary error when parsing format strings containing a floating point specifier in the "util.printf()" JavaScript function.

A remote attacker can exploit this vulnerability by crafting a PDF file with embedded malicious JavaScript code and then enticing the user to download the malicious file.
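A triage sketch for the condition described above, added here as an example and not taken from the advisory or from any iPolicy signature: it inflates the streams of a PDF and reports `util.printf()` calls whose format string carries a floating point specifier with an unusually large width or precision, or whose format string is built at run time. The names `scan_pdf`, `pdf_payloads`, `make_sample`, the `MAX_FIELD` threshold and the sample inputs are assumptions constructed for illustration.

```python
import re
import zlib

MAX_FIELD = 512  # assumed, tunable threshold; the advisory gives no number

STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\nendstream", re.S)
# First argument of util.printf(): a quoted literal (group 2) or an expression (group 3).
CALL_RE = re.compile(
    rb"""util\s*\.\s*printf\s*\(\s*(?:(["'])((?:\\.|(?!\1).)*)\1|([^,)]*))""", re.S)
# %[flags][width][.precision]f ; the groups capture the width and precision digits.
FLOAT_RE = re.compile(rb"%[-+ #0,]*(\d*)(?:\.(\d*))?f")


def pdf_payloads(data):
    """Yield the raw file, then every stream body that inflates as zlib/Flate."""
    yield data
    for m in STREAM_RE.finditer(data):
        try:
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            pass  # not Flate data; uncompressed text was covered by the raw pass


def scan_pdf(data):
    """Return (reason, detail) findings for util.printf() calls worth a closer look."""
    findings = []
    for blob in pdf_payloads(data):
        for call in CALL_RE.finditer(blob):
            fmt = call.group(2)
            if fmt is None:  # format built at run time: cannot be judged statically
                detail = call.group(3).strip().decode("latin-1")
                findings.append(("dynamic-format", detail))
                continue
            for spec in FLOAT_RE.finditer(fmt):
                width, prec = int(spec.group(1) or 0), int(spec.group(2) or 0)
                if max(width, prec) > MAX_FIELD:
                    detail = spec.group(0).decode("latin-1")
                    findings.append(("oversized-float-spec", detail))
    return findings


def make_sample(js, compress=True):
    """Constructed PDF fragment (not a complete document) with one JavaScript stream."""
    body = zlib.compress(js) if compress else js
    head = b"<< /Filter /FlateDecode >>" if compress else b"<< >>"
    return b"%PDF-1.4\n1 0 obj\n" + head + b"\nstream\n" + body + b"\nendstream\nendobj\n"
```

A hit is a reason to examine the file, not proof of an attack, and script hidden behind other stream filters or string obfuscation is outside what this check sees.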
References

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2992
http://www.coresecurity.com/content/adobe-reader-buffer-overflow
http://secunia.com/advisories/29773
http://www.securityfocus.com/bid/32091

Write-up by: Vikrant