Your security, networking, programming, and application news source.

Thursday, November 6, 2008

Adobe Reader Exploite Using Java Script


  Core Security Technologies reported a critical vulnerability to Adobe about it's Adobe Reader. Adobe has already released an update to address the vulnerability in version 8.1.2. The vulnerability was found in Foxit Reader (CVE-2008-1104) and later successfully tried in Adobe Reader. Adobe Reader and Foxit Reader both have different security approaches that lead people to think Adobe Reader wouldn't be affected.

Foxit Reader 2.3 build 2825 security bulletin from Secunia Research details the following:

"The vulnerability is caused due to a boundary error when parsing
format strings containing a floating point specifier in the
"util.printf()" JavaScript function. This can be exploited to cause a
stack-based buffer overflow via a specially crafted PDF file."
(Secunia Research, May 20, 2008)

Help Net Security's coverage of the Adobe Reader vulnerability added that the util.printf() function "converts the argument it receives to a String, using only the first 16 digits of the argument and padding the rest with a fixed value of “0” (0x30). By passing an overly long and properly formatted command to the function, it is possible to overwrite the program’s memory and control its execution flow."(Help Net Security)

Help Net Security - Critical vulnerability in Adobe Reader (Nov 4, 2008)

Security Focus - Secunia Research: Foxit Reader "util.printf()" Buffer Overflow.
(May 20 2008)

No comments:

Post a Comment