Adobe Acrobat util.printf() Stack Buffer Overflow

Adobe Reader is arguably the world’s most ubiquitous electronic document sharing application. The software can be used to view, search, digitally sign, verify, print, and collaborate on Adobe PDF files, and includes scripting functionality to allow for extended customization and extensibility.

Adobe Reader suffers from a stack buffer overflow when parsing specially crafted (invalid) PDF files. The vulnerability is caused due to a boundary error when parsing format strings containing a floating point specifier in the “util.printf()” JavaScript function. Successful exploitation of the vulnerability requires that users open a maliciously crafted PDF file thereby allowing attackers to gain access to vulnerable systems and assume the privileges of a user running Acrobat Reader. Adobe Reader version 9, which was released in June 2008, is not vulnerable to the reported problem.

4. Vulnerable packages

  • Adobe Reader 8.1.2
  • Acrobat 8.1.2

5. Non-vulnerable packages

  • Adobe Reader 9
  • Acrobat 9
  • Adobe Reader 8.1.3
  • Acrobat 8.1.3

Advisorie Completo aqui:

Exploit PoC aqui.

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s