Security Labs

Alerts

BOOKMARK THIS ALERT
  digg   |     del.icio.us   |     reddit
  newsvine   |     furl   |     technorati

Adobe Acrobat & Reader util.printf JavaScript Vulnerability

Date:11.05.2008

Threat Type: Malicious Web Site / Malicious Code

Websense® Security Labs™ has received reports of a proof-of-concept (PoC) exploit code circulating in the wild, exploiting a vulnerability in Adobe Reader 8.1.2, and Adobe Acrobat 8.1.2.

The flaw is a stack buffer overflow that results when parsing specially crafted PDF files (CVE-2008-2992). Successful exploitation allows the attacker the same level of permission rights to the desktop as the victim who opened the PDF file.

We urge customers to update to the latest version of Adobe Reader and Adobe Acrobat. We will continue to monitor the development of this threat.

Screenshot of the PoC exploit's shellcode in memory: 
 

Screenshot of malicious JavaScript code used to spray the heap with the shellcode: 
 

Screenshot of a call to the vulnerable function util.printf() to trigger the error: 
 

References:

ADOBE READER JAVASCRIPT PRINTF BUFFER OVERFLOW (Core Security Technologies discovered this)

Security Update available for Adobe Reader 8 and Acrobat 8