Adobe Reader JBIG2 image stream buffer overflow

Added: 02/27/2009
CVE: CVE-2009-0658
BID: 33751
OSVDB: 52073

Background

Adobe Acrobat is software for creating PDF documents. Adobe Reader is free software for viewing PDF documents.

Problem

A buffer overflow vulnerability allows command execution when a user opens a PDF file containing a specially crafted JBIG2 image stream.

Resolution

Apply the update referenced in APSA 09-01 when available.

References

http://www.us-cert.gov/cas/techalerts/TA09-051A.html

Limitations

Exploit works on Adobe Reader 8.1.2 and requires a user to open the exploit PDF file in Adobe Reader.

Due to the nature of the vulnerability, the success of this exploit depends on the state of the target system.

Platforms

Windows 2000

Back to exploit index