Adobe Reader Javascript API spell.customDictonaryOpen memory corruption

Added: 05/12/2009
CVE: CVE-2009-1493
BID: 34740
OSVDB: 54129

Background

Adobe Reader is free software for viewing PDF documents.

Problem

A memory corruption vulnerability in the Javascript API in Adobe Reader allows command execution when a user opens a specially crafted PDF file which calls the spell.customDictionaryOpen method.

Resolution

Apply the patches referenced in APSB09-06.

References

http://www.kb.cert.org/vuls/id/970180

Limitations

Exploit works on Adobe Reader 8.1.3 and 9.1 on Ubuntu 8.04.1 and Red Hat Enterprise Linux 5 with Exec-Shield enabled. Note that binary files AdbeRdr9.1.0-1_i486linux_enu.bin and AdobeReader_enu-8.1.3-1.i486.tar.gz from the official site of the vendor were used to develop this exploit.

Platforms

Linux

Back to exploit index