Secunia

Customer Area icon help

Need help?

Try CSI

Download PSI icon Scan now

Scan Now

Community

Advisories

Database Search Advisories by Product Advisories by Vendor Terminology Report vulnerability

Research Forum My Profile Our Commitment

Community Login

Register now
Forgot password?

Secunia Advisory SA40766

Adobe Reader/Acrobat Font Parsing Integer Overflow Vulnerability

Secunia Advisory

SA40766

Get alerted and manage the vulnerability life cycle

Free Trial

Release Date

2010-08-04

Popularity

1,426 view

Comments

0 comments

Criticality level

Highly critical

Impact

System access

Where

From remote

Authentication level

Available in Customer Area

Report reliability

Available in Customer Area

Solution Status

Unpatched

Systems affected

Available in Customer Area

Approve distribution

Available in Customer Area

Software:

Adobe Acrobat 3D 8.x

Adobe Acrobat 8 Professional

Secunia CVSS Score

Available in Customer Area

CVE Reference(s)

No CVE references.

Description
Charlie Miller has discovered a vulnerability in Adobe Reader / Acrobat, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an integer overflow error in CoolType.dll when parsing the "maxCompositePoints" field value in the "maxp" (Maximum Profile) table of a TrueType font. This can be exploited to corrupt memory via a PDF file containing a specially crafted TrueType font.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in Adobe Reader versions 8.2.3 and 9.3.3 and Adobe Acrobat version 9.3.3. Other versions may also be affected.

Solution
Do not open untrusted PDF files.

Provided and/or discovered by
Charlie Miller, Independent Security Evaluators.

Original Advisory
Crash analysis with BitBlaze (page 51 - 58):
http://securityevaluators.com/files/papers/CrashAnalysis.pdf

Deep Links
Links available in Customer Area

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Adobe Reader/Acrobat Font Parsing Integer Overflow Vulnerability

No posts yet

You must be logged in to post a comment.

Reverse Engineer

Latest advisories

New advisories: 3
New vulnerabilities: 9
Updated advisories: 6

78 views
Ubuntu update for kernel

82 views
EMC Celerra Unified Storage Platforms Insecure NFS Export Security Issue

90 views
Red Hat update for gnupg2

1,426 views
Adobe Reader/Acrobat Font Parsing Integer Overflow Vulnerability

413 views
OpenOffice.org Impress Two Vulnerabilities

221 views
Rockwell Automation 1756-ENBT Series A VxWorks Debugger Vulnerability

213 views
Debian update for lftp

328 views
WordPress NextGEN Smooth Gallery Plugin "galleryID" SQL Injection Vulnerability

438 views
avast! Internet Security "aswFW.sys" IOCTL Handling Denial of Service

See all