HighProventia Network IPS, Proventia Desktop, RealSecure Server Sensor, RealSecure Network, Proventia Network IDS, Proventia Network MFS, Proventia-G 1.1 and earlier, IBM Security Server Protection for Windows, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware:
This signature detects an image file with pattern definitions that cause invalid memory operations in vulnerable versions of software, leading to possible execution of remote code specified by an attacker.
High
Proventia Network IPS: XPU 29.040, Proventia Desktop: 2380, RealSecure Server Sensor: XPU 29.040, RealSecure Network: XPU 29.040, Proventia Network IDS: XPU 29.040, Proventia Network MFS: XPU 29.040, Proventia-G 1.1 and earlier: XPU 29.040, IBM Security Server Protection for Windows: 1.0.914.2380, IBM Security Server Protection for Windows: 2.0.300.2380, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia Server IPS for Linux technology: 29.040, Virtual Server Protection for Vmware: 1.0
Gentoo Linux, Sun Solaris: 10 SPARC, RedHat RHEL Extras: 3, RedHat RHEL Extras: 4, RedHat RHEL Desktop Supplementary: 5 Client, RedHat RHEL Supplementary: 5 Server, Novell OpenSUSE: 10.3, Novell OpenSUSE: 11.0, Novell SUSE Linux Enterprise Desktop: 10 SP2, RedHat RHEL Supplementary: 5.3.z EUS, Adobe Acrobat Reader: 9.0, Adobe Acrobat Reader: 9, Adobe Acrobat Professional: 9.0.0, Adobe Acrobat: 9.0, Adobe Acrobat Reader: 9.1, Adobe Acrobat: 9.1, RedHat Red Hat Enterprise Linux: 4.8.z Extras
Unauthorized Access Attempt
Adobe Acrobat and Reader are vulnerable to a buffer overflow, caused by a memory allocation error due to failure to adequately check integers read from the Pattern Dictionary of the JBIG segments embedded in the file. By persuading a victim to open a specially-crafted PDF file, a remote attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system with the privileges of the victim.
Refer to Adobe Security Bulletin APSB09-07 for patch, upgrade or suggested workaround information. See References.
For other distributions:
Apply the appropriate update for your system. See References.
Adobe Security Bulletin APSB09-07
Security Updates available for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb09-07.html
IBM Internet Security Systems Protection Advisory
Multiple JBIG2 Vulnerabilities in Adobe Acrobat and Adobe Reader
http://www.iss.net/threats/327.html
NORTEL BULLETIN ID: 2009009587, Rev 1
Nortel Response to APSB09-07 Adobe Quarterly Security Update for June 2009
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=944212&poid=
Sun Alert ID: 265330
Multiple Security Vulnerabilities in Adobe Reader for Solaris 10 May Allow Execution of Arbitrary Code or Cause Denial of Service (DoS) (Adobe Security Bulletin APSB09-07)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265330-1
ISS X-Force
Adobe Acrobat and Reader Pattern Dictionary region buffer overflow
http://www.iss.net/security_center/static/49241.php
CVE
CVE-2009-0511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0511