Malformed Acrobat Distiller 8 .joboptions
=====================================================================
= Malformed Acrobat Distiller 8 .joboptions
=
= Vendor Website:
= http://www.adobe.com
=
= Affected Version:
= Adobe Acrobat Reader, Acrobat Professional 7, Acrobat Professional 8
=
= Vendor Notified - February 2007
= Public Disclosure - May 2008
=
http://www.security-assessment.com/files/advisories/2008-05-15_Acrobat_Distiller_Malformed_joboptions_File.pdf
=====================================================================
== Overview ==
Another day, another file format bug, nothing to see here, move along..
Security-Assessment.com discovered multiple heap based overflow flaws within
Acrobat Distiller 8 which under certain circumstances can be used to execute
arbitrary code.
The vulnerability was found within the .joboptions file type, an auto-opening
PDF quality settings file extension used by Acrobat Distiller.
Font names stored within the parameters /AlwaysEmbed and /NeverEmbed both
produce a heap based overflow when a large (160+ char) font name is supplied.
Acrobat 8 Professional and any other Adobe suite which contains Acrobat
Distiller acrodist.exe (such as CS3) is vulnerable to this issue.
Original Vendor Advisories:
http://www.adobe.com/support/security/bulletins/apsb08-13.html
http://www.adobe.com/support/security/advisories/apsa08-01.html
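As an added example that is not part of the advisory or of Adobe's code: a small Python checker that pulls the font name tokens out of the /AlwaysEmbed and /NeverEmbed arrays of a .joboptions file and flags any name at or above the 160 character length the advisory cites. It is the kind of check a mail gateway or file-drop scanner could run before a .joboptions file reaches an unpatched Distiller. The sample file contents, the threshold constant and the function names are constructed here and are assumptions, not values from the advisory.

```python
import re
import sys
from typing import Dict, List, Tuple

# The advisory says a 160+ character font name triggers the overflow, so that
# length is used as the flagging threshold (an assumed limit for this checker).
MAX_FONT_NAME_LEN = 160
CHECKED_KEYS = ("AlwaysEmbed", "NeverEmbed")

# Matches "/AlwaysEmbed [ ... ]" or "/NeverEmbed [ ... ]", spanning newlines.
_ARRAY_RE = re.compile(r"/(AlwaysEmbed|NeverEmbed)\s*\[(.*?)\]", re.DOTALL)
# A PostScript name token: a slash followed by characters up to whitespace or a
# delimiter. The leading "true" in each embed array is not a name and is skipped.
_NAME_RE = re.compile(r"/([^\s/\[\]<>(){}]+)")

# Constructed sample of a normal Distiller settings file (abbreviated).
BENIGN_SAMPLE = """<<
\t/CompatibilityLevel 1.4
\t/AlwaysEmbed [ true
\t\t/Courier
\t\t/Helvetica-Bold
\t]
\t/NeverEmbed [ true
\t\t/Arial
\t]
\t/EmbedAllFonts true
>> setdistillerparams
"""

# Constructed detection fixture: the same file with one 200 character name in
# the /NeverEmbed array, well past the advisory's 160 character figure.
OVERSIZED_SAMPLE = BENIGN_SAMPLE.replace("\t\t/Arial\n", "\t\t/" + "A" * 200 + "\n")


def font_names(joboptions_text: str) -> Dict[str, List[str]]:
    """Return the font name tokens found inside each embed array."""
    result: Dict[str, List[str]] = {key: [] for key in CHECKED_KEYS}
    for match in _ARRAY_RE.finditer(joboptions_text):
        key, body = match.group(1), match.group(2)
        result[key].extend(_NAME_RE.findall(body))
    return result


def find_oversized_font_names(joboptions_text: str,
                              limit: int = MAX_FONT_NAME_LEN) -> List[Tuple[str, int]]:
    """List (parameter, name length) for every font name at or above the limit."""
    findings = []
    for key, names in font_names(joboptions_text).items():
        for name in names:
            if len(name) >= limit:
                findings.append((key, len(name)))
    return findings


def is_suspicious(joboptions_text: str, limit: int = MAX_FONT_NAME_LEN) -> bool:
    """True when the file carries at least one oversized embed font name."""
    return bool(find_oversized_font_names(joboptions_text, limit))


if __name__ == "__main__":
    # Usage: python check_joboptions.py file1.joboptions file2.joboptions ...
    # Files are read as latin-1 so arbitrary bytes cannot abort the scan.
    for path in sys.argv[1:]:
        with open(path, "r", encoding="latin-1") as fh:
            text = fh.read()
        for key, length in find_oversized_font_names(text):
            print(f"{path}: /{key} font name of {length} chars (limit {MAX_FONT_NAME_LEN})")
```

The array regex is deliberately narrow: it only looks inside the two parameters the advisory names, so ordinary long values elsewhere in the file do not raise alerts, and names are extracted as PostScript tokens rather than by splitting on whitespace so that a name such as Helvetica-Bold is measured as one token.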
== Solutions ==
Adobe recommends that Acrobat 8 users on Windows update to Acrobat 8.1.2,
available here:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=3849
== Credit ==
Discovered and advised to Adobe in February 2007 by Paul Craig of
Security-Assessment.com - Paul.Craig<at>Security-Assessment.com
== Greetings ==
Past and present Security-Assessment.com members.
The .NZ Security Scene
KiwiCon '08 (www.kiwicon.org)
== About Security-Assessment.com ==
Security-Assessment.com is New Zealand's leading team of information
security consultants, specialising in providing high quality information
security services to clients throughout the Asia Pacific region.
Our clients include some of the largest globally recognised companies in
areas such as finance, telecommunications, broadcasting, legal and
government. Our aim is to provide the best independent advice and a high
level of technical expertise while creating long and lasting professional
relationships with our clients.
Security-Assessment.com is committed to security research and development,
and its team continues to identify and responsibly publish vulnerabilities
in public and private software vendors' products. Members of the
Security-Assessment.com R&D team are globally recognised through their
release of whitepapers and presentations related to new security research.