Vulnerability in certain versions of Adobe Acrobat

BANGALORE, INDIA: Trend Micro has warned against buffer overflow vulnerability in versions 9.0.0 and earlier of the Adobe Acrobat family of applications that may cause the program(s) to crash, as well as allow a remote user to execute malicious code on an affected system.

Trend Micro Security Advisory rated this vulnerability as critical.

It exploits a vulnerability in a non-JavaScript function call; however JavaScript is also used to successfully execute malicious code. Disabling JavaScript will prevent code execution, but not crashes of Adobe Acrobat/Reader.

Trend Micro identifies different malware related to this vulnerability in older versions of Adobe Acrobat and Adobe readers as TROJ_PIDIEF.IN, TROJ_PIDIEF.IP, TROJ_PIDIEF.KO and TROJ_PIDIEF.JB.

Explaining how these malware exploit the vulnerability to actually compromise system security, Amit Nath, country manager, India and SAARC, Trend Micro, says, “For example, the Trojan TROJ_PIDIEF.IN takes advantage of Adobe Vulnerability CVE-2009-0658, an array indexing error when processing a malformed JBIG2 stream within a PDF document. It could allow attackers to cause a vulnerable application to crash or execute arbitrary code by tricking a user into opening a specially-crafted PDF file.”

The illustration below shows detailed behaviour program of this Trojan:

“Since Acrobat integrates seamlessly with popular web browsers, simply clicking on a seemingly-safe PDF file on a website may be enough to cause Acrobat to load PDF content on your computer. This way, all that an attacker needs to do to exploit these vulnerabilities is to convince gullible users of the (fake) authenticity of the specially-crafted Adobe Portable Document Format (PDF) file and coax them into opening it,” added Nath.

Trend Micro advises people to refrain from using versions 9 and older Adobe products until the appropriate patches have been installed