[Full-disclosure] TELUS Security Labs VR - Adobe Reader U3D CLODMeshDeclaration Shading Count Memory Corruption
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] TELUS Security Labs VR - Adobe Reader U3D CLODMeshDeclaration Shading Count Memory Corruption
- From: TELUS Security Labs - Vulnerability Research <noreply@xxxxxxxxx>
- Date: Tue, 13 Apr 2010 21:27:25 -0400 (EDT)
Adobe Reader U3D CLODMeshDeclaration Shading Count Buffer Overflow
TSL ID: FSC20100413-01
1. Affected Software
Adobe Systems Acrobat Reader 8.1.6 for Linux
Adobe Systems Acrobat Reader 9.2 for Linux
Adobe Systems Acrobat Reader 9.3 for Linux
Reference: http://get.adobe.com/reader/
2. Vulnerability Summary
A remotely exploitable vulnerability has been discovered in Adobe Acrobat
Reader for Linux. Specifically, the vulnerability is due to an integer overflow
when processing the "Shading Count" field in the CLOD Mesh Declaration block,
which may lead to a heap based buffer overflow and execution of arbitrary code.
3. Vulnerability Analysis
This vulnerability may be exploited by remote attackers to execute arbitrary
code on the vulnerable system by enticing a user to open a maliciously crafted
PDF document. A successful attack will result in arbitrary code executed on the
target host with the privileges of the logged-on user. An unsuccessful attack
can abnormally terminate the affected product.
4. Vulnerability Detection
TELUS Security Labs has confirmed the vulnerability in:
Adobe Systems Acrobat Reader 8.1.6 for Linux
Adobe Systems Acrobat Reader 9.2 for Linux
Adobe Systems Acrobat Reader 9.3 for Linux
5. Workaround
Avoid opening untrusted PDF files, or use an alternative application to
process PDF files.
6. Vendor Response
The vendor, Adobe, has released an advisory regarding this vulnerability:
http://www.adobe.com/support/security/bulletins/apsb10-09.html
7. Disclosure Timeline
2010-02-19 Reported to vendor
2010-02-19 Initial vendor response
2010-04-13 Coordinated public disclosure
8. Credits
Vulnerability Research Team, TELUS Security Labs
9. References
CVE: CVE-2010-0196
TSL: FSC20100413-01
Vendor: apsb10-09
10. About TELUS Security Labs
TELUS Security Labs, formerly Assurent Secure Technologies, is the leading
provider of security research. Our research services include:
* Vulnerability Research
* Malware Research
* Signature Development
* Shellcode Exploit Development
* Application Protocols
* Product Security Testing
* Security Content Development (parsers, reports, alerts)
TELUS Security Labs provides a specialized portfolio of services to assist
security product vendors with newly discovered commercial product
vulnerabilities and malware attacks. Many of our services are provided on a
subscription basis to reduce research costs for our customers. Over 50 of the
world's leading security product vendors rely on TELUS Security Labs research.
http://telussecuritylabs.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
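
The bug class summarised in section 2 (a count field whose size computation overflows before a heap allocation), shown as an added C example that is not part of the TELUS advisory and is not Adobe's code. The record layout, the 12-byte minimum encoded entry size, the sample blocks and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Assumed decoded form of one shading entry (illustrative layout, 16 bytes). */
typedef struct {
    uint32_t attributes, texture_layer_count, coord_dims_index, original_id;
} shading_desc;
#define MIN_WIRE_BYTES 12u  /* assumed smallest encoded entry in the block */

/* Constructed sample blocks: a little-endian U32 count, then entry data. */
const uint8_t hostile_block[16] = {0x01, 0x00, 0x00, 0x10}; /* 0x10000001 */
const uint8_t benign_block[28]  = {0x02};                   /* 2 entries  */

/* Bug class: the 32-bit multiply wraps, so a huge count gives a tiny size. */
uint32_t unchecked_alloc_size(uint32_t count) {
    return count * (uint32_t)sizeof(shading_desc);
}

/* Bounded little-endian U32 read. */
static bool read_u32(const uint8_t *b, size_t len, size_t off, uint32_t *v) {
    if (off > len || len - off < 4)
        return false;
    *v = (uint32_t)b[off] | (uint32_t)b[off + 1] << 8 |
         (uint32_t)b[off + 2] << 16 | (uint32_t)b[off + 3] << 24;
    return true;
}

/* Hardened: returns 0 and sets *alloc, or -1 if the count is rejected. */
int checked_alloc_size(const uint8_t *block, size_t len, size_t off,
                       size_t *alloc) {
    uint32_t count;
    if (!read_u32(block, len, off, &count))
        return -1;
    size_t remaining = len - off - 4;
    if (count > remaining / MIN_WIRE_BYTES)      /* more entries than data */
        return -1;
    if (count > SIZE_MAX / sizeof(shading_desc)) /* multiply would wrap */
        return -1;
    *alloc = (size_t)count * sizeof(shading_desc);
    return 0;
}

int main(void) {
    size_t n;
    return checked_alloc_size(hostile_block, sizeof hostile_block, 0, &n) == -1 ? 0 : 1;
}
```

On a 64-bit build the `SIZE_MAX` test alone would accept the hostile count, so the comparison against the bytes actually left in the block is the check that rejects it.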