Adobe Acrobat JavaScript getIcon method buffer overflow

Added: 03/27/2009
CVE: CVE-2009-0927
BID: 34169

Background

Adobe Acrobat is software for creating PDF documents. Adobe Reader is free software for viewing PDF documents.

Problem

A buffer overflow vulnerability allows command execution when a user opens a PDF file which calls the JavaScript getIcon method with a long, specially crafted argument.

Resolution

Upgrade to Adobe Acrobat 7.1.1, 8.1.4, or 9.1 or higher as described in APSB09-04.

References

http://www.zerodayinitiative.com/advisories/ZDI-09-014/

Limitations

Exploit works on Adobe Acrobat 9.0 and requires a user to load the exploit file in Adobe Acrobat.

Platforms

Windows XP

Back to exploit index