The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments.

This update of acroread fixes two vulnerabilities in the JavaScript API that allow attackers to execute arbitrary code with a malformed PDF file. (CVE-2009-1492 / CVE-2009-1493)

The version of Adobe Acrobat installed on the remote host is earlier than 9.1.1 / 8.1.5 / 7.1.2.  Such versions reportedly fail to validate input from a specially crafted PDF file before passing it to the JavaScript method 'getAnnots()' leading to memory corruption and possibly arbitrary code execution.

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2009:0478 advisory.

    Adobe Reader allows users to view and print documents in Portable Document     Format (PDF).

    Two flaws were discovered in Adobe Reader's JavaScript API. A PDF file     containing malicious JavaScript instructions could cause Adobe Reader to     crash or, potentially, execute arbitrary code as the user running Adobe     Reader. (CVE-2009-1492, CVE-2009-1493)

    All Adobe Reader users should install these updated packages. They contain     Adobe Reader version 8.1.5, which is not vulnerable to these issues. All     running instances of Adobe Reader must be restarted for the update to take     effect.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

This update of acroread fixes two vulnerabilities in the JavaScript API that allow attackers to execute arbitrary code with a malformed PDF file. (CVE-2009-1492,CVE-2009-1493)

The remote host is affected by the vulnerability described in GLSA-200907-06 (Adobe Reader: User-assisted execution of arbitrary code)

    Multiple vulnerabilities have been reported in Adobe Reader:
    Alin Rad Pop of Secunia Research reported a heap-based buffer     overflow in the JBIG2 filter (CVE-2009-0198).
    Mark Dowd of the IBM Internet Security Systems X-Force and     Nicolas Joly of VUPEN Security reported multiple heap-based buffer     overflows in the JBIG2 filter (CVE-2009-0509, CVE-2009-0510,     CVE-2009-0511, CVE-2009-0512, CVE-2009-0888, CVE-2009-0889)     Arr1val reported that multiple methods in the JavaScript API     might lead to memory corruption when called with crafted arguments     (CVE-2009-1492, CVE-2009-1493).
    An anonymous researcher reported a stack-based buffer overflow related     to U3D model files with a crafted extension block (CVE-2009-1855).
    Jun Mao and Ryan Smith of iDefense Labs reported an integer overflow     related to the FlateDecode filter, which triggers a heap-based buffer     overflow (CVE-2009-1856).
    Haifei Li of Fortinet's FortiGuard Global Security Research Team     reported a memory corruption vulnerability related to TrueType fonts     (CVE-2009-1857).
    The Apple Product Security Team reported a memory corruption     vulnerability in the JBIG2 filter (CVE-2009-1858).
    Matthew Watchinski of Sourcefire VRT reported an unspecified memory     corruption (CVE-2009-1859).
    Will Dormann of CERT reported multiple heap-based buffer overflows when     processing JPX (aka JPEG2000) stream that trigger heap memory     corruption (CVE-2009-1861).
    Multiple unspecified vulnerabilities have been discovered     (CVE-2009-2028).
  Impact :

    A remote attacker could entice a user to open a specially crafted     document, possibly resulting in the execution of arbitrary code with     the privileges of the user running the application.
  Workaround :

    There is no known workaround at this time.

The version of Adobe Reader installed on the remote host is earlier than 9.1.1 / 8.1.5 / 7.1.2.  Such versions reportedly fail to validate input from a specially crafted PDF file before passing it to the JavaScript method 'getAnnots()' leading to memory corruption and possibly arbitrary code execution.

ID	Name	Product	Family	Severity
51706	SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 6264)	Nessus	SuSE Local Security Checks	high
51691	SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 6260)	Nessus	SuSE Local Security Checks	high
41366	SuSE 11 Security Update : acroread_ja (SAT Patch Number 904)	Nessus	SuSE Local Security Checks	high
41363	SuSE 11 Security Update : Acrobat Reader (SAT Patch Number 899)	Nessus	SuSE Local Security Checks	high
40804	Adobe Acrobat < 9.1.1 / 8.1.5 / 7.1.2 getAnnots() JavaScript Method PDF Handling Memory Corruption (APSB09-06)	Nessus	Windows	high
40744	RHEL 5 : acroread (RHSA-2009:0478)	Nessus	Red Hat Local Security Checks	high
40183	openSUSE Security Update : acroread (acroread-893)	Nessus	SuSE Local Security Checks	high
39907	openSUSE Security Update : acroread (acroread-893)	Nessus	SuSE Local Security Checks	high
39777	GLSA-200907-06 : Adobe Reader: User-assisted execution of arbitrary code	Nessus	Gentoo Local Security Checks	critical
38856	openSUSE 10 Security Update : acroread (acroread-6258)	Nessus	SuSE Local Security Checks	high
38746	Adobe Reader getAnnots() JavaScript Method PDF Handling Memory Corruption (APSB09-06)	Nessus	Windows	high

Detections

Analytics

CVE-2009-1492

high

Tenable Plugins

high

high

high

high

high

high

high

high

critical

high

high