Trend Micro has warned against buffer overflow vulnerability in versions 9.0.0 and earlier of the Adobe Acrobat family of applications that may cause the programs to crash, as well as allow a remote user to execute malicious code on an affected system. Trend Micro Security Advisory rated this vulnerability as critical.
It exploits vulnerability in a non-javascript function call. However, JavaScript is also used to successfully execute malicious code. Disabling JavaScript will prevent code execution, but not crashes of Adobe Acrobat/Reader.
Trend Micro identified different malware related to this vulnerability in older versions of Adobe Acrobat and Adobe readers.
Compromising System Security
Explaining how these malware exploit the vulnerability to actually compromise system security, Amit Nath, country manager – India and SAARC, Trend Micro, said, “For example, the Trojan TROJ_PIDIEF.IN takes advantage of Adobe Vulnerability CVE-2009-0658 – an array indexing error when processing a malformed JBIG2 stream within a PDF document. It could allow attackers to cause a vulnerable application to crash or execute arbitrary code by tricking a user into opening a specially-crafted PDF file.”
Nath said, “Since Acrobat integrates seamlessly with popular web browsers, simply clicking on a seemingly-safe PDF file on a website may be enough to cause Acrobat to load PDF content on your computer. This way, all that an attacker needs to do to exploit these vulnerabilities is to convince gullible users of the (fake) authenticity of the specially-crafted Adobe Portable Document Format (PDF) file and coax them into opening it.”
Trend Micro advised people to refrain from using these products until the appropriate patches have been installed. For Trend Micro users all detections are currently available in official pattern and suggested users to keep Trend Micro products up-to-date with the current pattern.
As of March 10, 2009, Adobe has recommended users of Adobe Reader and Acrobat 9 to update to the latest versions Adobe Reader 9.1 and Acrobat 9.1. As per the latest available information, updates for Adobe Reader 7 and 8, and Acrobat 7 and 8, are expected to be launched by Adobe by March 18. Adobe Reader 9.1 for Unix is also likely to be made available by March 25.