HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 33 guests online
 
Free Business and Tech Magazines and eBooks

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Malwarearrow Adobe Reader/Acrobat JBIG2 Stream Array Indexing Vulnerability
EH-Net
May 19, 2013, 12:26:15 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Adobe Reader/Acrobat JBIG2 Stream Array Indexing Vulnerability  (Read 6946 times)
0 Members and 1 Guest are viewing this topic.
Equix3n-
Sr. Member
****
Offline Offline

Posts: 386



View Profile
« on: February 24, 2009, 07:35:51 AM »
Description:
A vulnerability has been reported in Adobe Reader/Acrobat, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an array indexing error in the processing of JBIG2 streams. This can be exploited to corrupt arbitrary memory via a specially crafted PDF file.

Successful exploitation allows execution of arbitrary code.

NOTE: Reportedly, the vulnerability is currently being actively exploited.

http://secunia.com/advisories/33901/
Logged
Jhaddix
Sr. Member
****
Offline Offline

Posts: 317



View Profile WWW
« Reply #1 on: February 24, 2009, 07:45:40 AM »
Hey Xen! =) I have topic about it too, people are all fired up on it!


More Bad News for Adobe - Zero Day

Here's some extra stuff i had on mine:

Adobe just cant catch a break. This is severe and many IT staff are going as far as moving to other vendors temporarily, my company included (foxit). Do what you can, with what you have.

Also, lol, funny as i just posted a whole bunch of shmoo talks with links to pdfs Doh

** HD Moore's writeup here

** Exploit code here

**Sourcefire has some snort updates for the attacks

http://www.snort.org/vrt/advisories/vrt-rules-2009-02-20.html

http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,3642.msg16913/topicseen,1/#new
Logged
GSEC, GPEN, GWAPT, ECPPT, WAHHlive, LSOAdvancedPenTester

http://www.securityaegis.com
http://www.pentesterscripting.com
http://code.google.com/p/pentest-bookmarks/
xXxKrisxXx
Hero Member
*****
Offline Offline

Posts: 512



View Profile
« Reply #2 on: February 24, 2009, 10:32:36 AM »
I appreciate the link to HD Moore's blog, didn't think he'd do a write up on it. I had figured this one was going to be abused like the other 0 days that get published out there, as soon as I saw it on milw0rm. I hit up milw0rm yesterday and I saw the name "Adobe Acrobat Reader JBIG2 Local Buffer Overflow PoC #2 0day" there highlighted in yellow and it had about 500 hits on it. I went ahead took a look at the code myself then closed it, refreshed the milw0rm page the exploit had over 1000 hits. Lucky I switched over to foxit awhile has me feeling safe from this one, it's also a lot smaller in size compared to adobe reader / acrobat. You can get it from below for the people who haven't made the switch yet:

http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm
Logged
eCPPT, GCIH, OSCP, OSWP
Andrew Waite
Hero Member
*****
Offline Offline

Posts: 928



View Profile WWW
« Reply #3 on: February 24, 2009, 10:51:52 AM »
Cheers for the links, HDM's writeup makes for a good read. One issue I found especially interesting was the comparison between Adobe's response to the incident and previous MS responses to similar issues:

Quote
Compare this Microsoft's response to MS08-078, MS08-067, or even MS06-001 and you can see a clear difference in how these companies respond to real-world attacks against their user base.

Whilst I'm a penguin lover, and have several reasons to dislike some of MS's software and business practices I think in a lot of areas they are damned-if-they-do and damned-if-they-don't. Despite a slower response from Adobe I doubt too many in the wider world are going to tar them with the same brush as MS.

I haven't had a chance to look too closely at the Milw0rm exploit, anyone had any success with it yet?
Logged
-- http://www.infosanity.co.uk
-- http://blog.infosanity.co.uk
Ne0
Jr. Member
**
Offline Offline

Posts: 62


View Profile
« Reply #4 on: February 24, 2009, 10:18:26 PM »
hey guys i got this blog from a computer world where it says that a security reasercher as posted a home made pacth Cheesy for fresh vuln of pdf

A security researcher has published a home-brewed patch for a critical Adobe Reader vulnerability that hackers are exploiting in the wild using malicious PDF files, beating Adobe Systems Inc. to the punch by more than two weeks
Lurene Grenier, a vulnerability researcher at intrusion-prevention vendor Sourcefire Inc., posted the patch Sunday with the caveats that it applies only to the Windows version of Adobe Reader 9.0 and comes with no guarantees.

"The patch is just a replacement .dll -- AcroRd32.dll to be precise," said Grenier in a post to the Sourcefire vulnerability research blog. The .dll, which weighs in at 19MB, replaces the existing file in the "C:\Program Files\Adobe\Reader 9.0\Reader\" directory on Windows machines.

"No warranty expressed or implied, etc. etc.," concluded Grenier.
Logged
Equix3n-
Sr. Member
****
Offline Offline

Posts: 386



View Profile
« Reply #5 on: February 26, 2009, 03:57:59 AM »
After adobe reader, now there's bad news for Adobe flash player

    
Adobe Flash Player Multiple Vulnerabilities
Description:
Some vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious, local users to disclose sensitive information and potentially gain escalated privileges, and by malicious people to bypass certain security restrictions, disclose potentially sensitive information, and compromise a user's system.

1) An error when processing multiple references to an unspecified object can be exploited to dereference freed memory via a specially crafted SWF file.

Successful exploitation allows execution of arbitrary code.

2) An input validation error in the processing of SWF files can be exploited to cause a crash and potentially execute arbitrary code.

3) An error when displaying the mouse pointer on Windows can be exploited to potentially conduct "Clickjacking" attacks.

4) An error in the Linux Flash Player binary can be exploited to disclose sensitive information and potentially gain escalated privileges.

http://secunia.com/advisories/34012/
http://www.adobe.com/support/security/bulletins/apsb09-01.html
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.073 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Free Business and Tech Magazines and eBooks

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.