Bug 498322 - (CVE-2009-1492, CVE-2009-1493) CVE-2009-1492, CVE-2009-1493 acroread: multiple vulnerabilities in Adobe Reader 8.1.4
CVE-2009-1492, CVE-2009-1493 acroread: multiple vulnerabilities in Adobe Read...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
urgent Severity urgent
: ---
: ---
Assigned To: Red Hat Product Security
impact=critical,source=internet,repor...
: Security
Depends On: 500510 500511 500512
Blocks:
  Show dependency treegraph
 
Reported: 2009-04-29 16:51 EDT by Vincent Danen
Modified: 2009-06-16 03:01 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-06-16 03:01:51 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Vincent Danen 2009-04-29 16:51:14 EDT
Two vulnerabilities have been reported in Adobe Acrobat Reader 8.1.4 and 9.1.0 that can allow for the execution of arbitrary code as the user running Reader if javascript is enabled.

http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
http://www.securityfocus.com/bid/34736

The first is a flaw in the getAnnots() function.  The second is a flaw in the customDictionaryOpen() function.

Adobe is recommending that users disable javascript until an update becomes available.
Comment 3 Vincent Danen 2009-05-01 12:46:19 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1492 to
the following vulnerability:

Name: CVE-2009-1492
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1492
Assigned: 20090430
Reference: MISC: http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html
Reference: MISC: http://packetstorm.linuxsecurity.com/0904-exploits/getannots.txt
Reference: CONFIRM: http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
Reference: BID:34736
Reference: URL: http://www.securityfocus.com/bid/34736
Reference: SECUNIA:34924
Reference: URL: http://secunia.com/advisories/34924
Reference: VUPEN:ADV-2009-1189
Reference: URL: http://www.vupen.com/english/advisories/2009/1189
Reference: XF:reader-getannots-code-execution(50145)
Reference: URL: http://xforce.iss.net/xforce/xfdb/50145

The getAnnots Doc method in the JavaScript API in Adobe Reader and
Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to
cause a denial of service (memory corruption) or execute arbitrary
code via a PDF file that contains an annotation, and has an OpenAction
entry with JavaScript code that calls this method with crafted integer
arguments.



Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1493 to
the following vulnerability:

Name: CVE-2009-1493
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1493
Assigned: 20090430
Reference: MISC: http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
Reference: MISC: http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt
Reference: BID:34740
Reference: URL: http://www.securityfocus.com/bid/34740
Reference: SECUNIA:34924
Reference: URL: http://secunia.com/advisories/34924
Reference: VUPEN:ADV-2009-1189
Reference: URL: http://www.vupen.com/english/advisories/2009/1189
Reference: XF:reader-spellcustom-code-execution(50146)
Reference: URL: http://xforce.iss.net/xforce/xfdb/50146

The customDictionaryOpen spell method in the JavaScript API in Adobe
Reader 8.1.4 and 9.1 on Linux allows remote attackers to cause a
denial of service (memory corruption) or execute arbitrary code via a
PDF file that triggers a call to this method with a long string in the
second argument.
Comment 4 Vincent Danen 2009-05-01 19:16:17 EDT
Upstream advisory indicates packages should be available May 12th:

http://www.adobe.com/support/security/advisories/apsa09-02.html
Comment 5 Vincent Danen 2009-05-12 19:21:29 EDT
Upstream has released 8.1.5:

http://www.adobe.com/support/security/bulletins/apsb09-06.html
Comment 8 errata-xmlrpc 2009-05-13 10:23:07 EDT
This issue has been addressed in following products:

  Extras for RHEL 4
  Extras for Red Hat Enterprise Linux 5
  Extras for RHEL 3

Via RHSA-2009:0478 https://rhn.redhat.com/errata/RHSA-2009-0478.html

Note You need to log in before you can comment on or make changes to this bug.