Intrusion Prevention

Adobe.Reader.JBIG2.Stream.Index.Code.Execution

Description

Adobe Acrobat is a family of application software developed by Adobe Systems to view, create, manipulate, print and manage files in Portable Document Format (PDF). Adobe Reader enables users to view and print PDF files but has negligible PDF creation capabilities. Acrobat and Reader are widely used as a way to present information with a fixed layout similar to a paper publication.
A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability causes the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.
The vulnerability is caused by improper bounds checking when parsing a malformed JBIG2 image stream embedded within a PDF document. By supplying a crafted JBIG2 image stream, an attacker can execute arbitrary code on a vulnerable computer. To exploit this, the attacker must trick the victim into opening a maliciously crafted PDF document.
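For triage, a defender can list which objects in a PDF declare the JBIG2Decode filter and therefore reach the JBIG2 parser at all. The following is an added example, not code from this advisory or the logic of the IPS signature; the function names and the sample document are constructed for illustration.

```python
import re

# PDF names may escape any character as '#' plus two hex digits
# (e.g. /JBIG#32Decode), so names are normalised before comparison.
_NAME = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")
_OBJ = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)


def decode_name(raw: bytes) -> bytes:
    """Resolve #xx escapes in a PDF name token."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def jbig2_objects(pdf: bytes) -> list[tuple[int, int]]:
    """Return (object number, generation) of objects naming JBIG2Decode."""
    hits = []
    for m in _OBJ.finditer(pdf):
        # Look only at the dictionary, not at the binary stream payload.
        header = m.group(3).split(b"stream", 1)[0]
        names = {decode_name(n) for n in _NAME.findall(header)}
        if b"JBIG2Decode" in names:
            hits.append((int(m.group(1)), int(m.group(2))))
    return hits


# Constructed sample: one plain JBIG2 image, one filter array using a
# hex-escaped name, and one unrelated JPEG (DCTDecode) stream.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"4 0 obj\n<< /Type /XObject /Subtype /Image /Filter /JBIG2Decode"
    b" /Length 4 >>\nstream\n\x00\x00\x00\x00\nendstream\nendobj\n"
    b"5 0 obj\n<< /Filter [/FlateDecode /JBIG#32Decode] /Length 0 >>\n"
    b"stream\n\nendstream\nendobj\n"
    b"6 0 obj\n<< /Filter /DCTDecode /Length 0 >>\nstream\n\nendstream\nendobj\n"
)

if __name__ == "__main__":
    for num, gen in jbig2_objects(SAMPLE):
        print(f"object {num} {gen}: uses JBIG2Decode")
```

A hit only means the file exercises the JBIG2 decoder, not that it is malicious. Objects stored inside compressed object streams are not inspected by this scan.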

Affected Products

Adobe Acrobat Standard older than 7.1.1
Adobe Acrobat Standard older than 8.1.4
Adobe Acrobat Standard older than 9.1

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrades or patches from the vendor:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
For FortiGate IPS users, turning on the Adobe.Acrobat.JBIG2.Stream.Indexing.Overflow IPS signature can prevent exploitation of this vulnerability.

CVE References

CVE-2009-0658