Adobe Reader FlateDecode filter TIFF Predictor integer overflow
Added: 10/27/2009
CVE: CVE-2009-3459
BID: 36600
OSVDB: 58729
Background
Adobe Reader is free software for viewing PDF documents.
Problem
An integer overflow in the FlateDecode filter in Adobe Reader allows command execution when a user opens a PDF file containing specially crafted compressed objects which use the TIFF predictor.
Resolution
Upgrade to Adobe Reader 9.2 or higher.
References
http://www.adobe.com/support/security/bulletins/apsb09-15.html
http://www.us-cert.gov/cas/techalerts/TA09-286B.html
Limitations
The exploit works on Adobe Reader 9.1 and requires a user to open the exploit file in Adobe Reader. Due to the nature of the vulnerability, the success of the exploit depends on the state of the target.
Platforms
Windows
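For triage of PDFs before they reach an unpatched reader, the following added example (not part of the advisory or of any Adobe code) flags FlateDecode parameter dictionaries that select the TIFF predictor with values whose row size cannot fit in 32 bits. The advisory does not say which fields trigger the overflow, so this is a generic sanity check on the predictor parameters defined by the PDF specification; the function names and sample inputs are constructed for illustration.

```python
import re

# Assumption: generic validation of predictor parameters, not a signature
# for the specific flaw; the advisory gives no field-level detail.
VALID_BPC = {1, 2, 4, 8, 16}          # BitsPerComponent values the PDF spec allows
MAX_U32 = 0xFFFFFFFF
PARMS_RE = re.compile(rb"/DecodeParms\s*(?:\[\s*)?<<(.*?)>>", re.S)

# Constructed sample inputs (not taken from any real file).
SAMPLE_OK = (b"1 0 obj << /Filter /FlateDecode /DecodeParms "
             b"<< /Predictor 2 /Colors 3 /BitsPerComponent 8 /Columns 640 >> >>")
SAMPLE_HUGE = (b"2 0 obj << /Filter /FlateDecode /DecodeParms "
               b"<< /Predictor 2 /Colors 4 /BitsPerComponent 16 /Columns 999999999 >> >>")
SAMPLE_BAD_BPC = (b"3 0 obj << /Filter /FlateDecode /DecodeParms "
                  b"<< /Predictor 2 /BitsPerComponent 7 /Columns 10 >> >>")


def _int_entry(body, name, default):
    """Read a direct integer value for /name, or the spec default if absent."""
    m = re.search(rb"/" + name + rb"\s+(-?\d+)", body)
    return int(m.group(1)) if m else default


def check_predictor_parms(pdf_bytes):
    """Return [(offset, reason)] for suspicious TIFF-predictor parameters."""
    findings = []
    for m in PARMS_RE.finditer(pdf_bytes):
        body = m.group(1)
        if _int_entry(body, b"Predictor", 1) != 2:      # 2 selects the TIFF predictor
            continue
        colors = _int_entry(body, b"Colors", 1)
        bpc = _int_entry(body, b"BitsPerComponent", 8)
        columns = _int_entry(body, b"Columns", 1)
        if colors < 1 or columns < 1 or bpc not in VALID_BPC:
            findings.append((m.start(), "parameter outside the range the spec allows"))
            continue
        row_bits = colors * bpc * columns               # Python ints do not wrap
        if row_bits + 7 > MAX_U32:
            findings.append((m.start(), "row size does not fit in 32 bits"))
    return findings


if __name__ == "__main__":
    for name, data in [("ok", SAMPLE_OK), ("huge", SAMPLE_HUGE), ("bad_bpc", SAMPLE_BAD_BPC)]:
        print(name, check_predictor_parms(data))
```

The scan only sees dictionaries stored in the clear with direct integer values; parameters held inside object streams or given as indirect references need a real PDF parser.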