Critical Adobe Acrobat Font Parsing Vulnerability

Posted on August 5th, 2010 by Ryan Spanier

GSA Reference Number: AD100805-01

Simply Put: A new vulnerability has been found in Adobe Reader and Acrobat.  It can result in remote code execution when a user opens a malicious PDF file.  No patch is available at this time; Adobe has said it is working on a fix that should ship in the next few weeks.  Adobe Reader and Acrobat versions 9.3.3 and earlier are affected.

Attack Details: The vulnerability is an integer overflow in CoolType.dll, the font-rendering module used by Adobe Acrobat and Reader.  It is triggered by opening a maliciously crafted PDF file that embeds a specially constructed TrueType font; the overflow occurs while the font is parsed, before any content is displayed.  Security researchers presented details of the vulnerability at the Black Hat 2010 conference.
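
The following is an added example and is not Adobe's code, nor a reproduction of the actual CoolType.dll defect, which this advisory does not describe in enough detail to reconstruct.  It shows the general shape of the bug class named above: a TrueType table-directory parser whose bounds check computes offset + length in 32 bits, so a record with a huge offset and a small length wraps to a small value and passes, beside the hardened form of the same check.  The 48-byte sample font, the table names and all function names are constructed for the example; the vulnerable predicate only models the faulty check and deliberately does not perform the out-of-bounds read that would follow in a real parser.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TrueType/OpenType fields are big-endian. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}
static uint16_t be16(const uint8_t *p) {
    return (uint16_t)(((uint16_t)p[0] << 8) | p[1]);
}

typedef struct {
    char     tag[5];   /* four-character table tag, NUL-terminated */
    uint32_t offset;   /* byte offset of the table from the start of the font */
    uint32_t length;   /* table length in bytes */
} table_rec_t;

/* Bounds check with the overflow (illustrative, not Adobe's code): offset + length
 * is computed in 32 bits, so a huge offset plus a small length wraps to a small
 * number and passes.  A later read at font + offset would run far outside the buffer. */
int table_in_bounds_vulnerable(uint32_t offset, uint32_t length, uint32_t font_size) {
    return offset + length <= font_size;
}

/* Hardened check: test the offset first, then compare the length against the
 * remaining space, so no addition that can wrap is ever performed. */
int table_in_bounds_safe(uint32_t offset, uint32_t length, uint32_t font_size) {
    if (offset > font_size) return 0;
    return length <= font_size - offset;
}

/* Walk the table directory (12-byte header, then 16-byte records) and count the
 * records the supplied bounds predicate accepts.  Returns -1 if the directory
 * itself does not fit in the file.  Accepted records are copied to out[] (up to max_out). */
int parse_table_directory(const uint8_t *font, uint32_t font_size,
                          int (*check)(uint32_t, uint32_t, uint32_t),
                          table_rec_t *out, int max_out) {
    if (font_size < 12) return -1;
    uint16_t num_tables = be16(font + 4);
    /* Size the directory in 64 bits so this check cannot overflow either. */
    uint64_t dir_end = 12u + 16ull * num_tables;
    if (dir_end > font_size) return -1;

    int accepted = 0;
    for (uint32_t i = 0; i < num_tables; i++) {
        const uint8_t *rec = font + 12 + 16 * i;
        table_rec_t t;
        memcpy(t.tag, rec, 4);
        t.tag[4] = '\0';
        t.offset = be32(rec + 8);    /* bytes 4..7 hold the checksum, skipped here */
        t.length = be32(rec + 12);
        if (!check(t.offset, t.length, font_size)) continue;   /* reject the record */
        if (accepted < max_out) out[accepted] = t;
        accepted++;
    }
    return accepted;
}

/* Constructed 48-byte "font" (not a real font file): one valid 'head' record and a
 * 'cmap' record whose offset 0xFFFFFFF0 plus length 0x20 wraps to 0x10 in 32 bits. */
static const uint8_t SAMPLE_FONT[48] = {
    0x00,0x01,0x00,0x00,                 /* sfnt version 1.0 */
    0x00,0x02,                           /* numTables = 2 */
    0x00,0x20, 0x00,0x01, 0x00,0x00,     /* searchRange, entrySelector, rangeShift */
    /* 'head': checksum 0, offset 44, length 4 -> ends exactly at byte 48, valid */
    'h','e','a','d', 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x2C, 0x00,0x00,0x00,0x04,
    /* 'cmap': checksum 0, offset 0xFFFFFFF0, length 0x20 -> wrapped sum 0x10 <= 48 */
    'c','m','a','p', 0x00,0x00,0x00,0x00, 0xFF,0xFF,0xFF,0xF0, 0x00,0x00,0x00,0x20,
    0xDE,0xAD,0xBE,0xEF                  /* 4 bytes of 'head' payload */
};

/* Parse the sample with either predicate; returns the number of accepted tables. */
int demo_accepted_count(int use_vulnerable_check) {
    table_rec_t tables[4];
    return parse_table_directory(SAMPLE_FONT, (uint32_t)sizeof SAMPLE_FONT,
                                 use_vulnerable_check ? table_in_bounds_vulnerable
                                                      : table_in_bounds_safe,
                                 tables, 4);
}

int main(void) {
    printf("vulnerable check accepts %d of 2 tables\n", demo_accepted_count(1));
    printf("hardened check accepts  %d of 2 tables\n", demo_accepted_count(0));
    return 0;
}
```

With the vulnerable predicate both records are accepted, and a real parser would go on to read 0x20 bytes at font + 0xFFFFFFF0; the hardened predicate rejects the 'cmap' record because its offset alone exceeds the file size.  The same pattern applies to every length field a font or PDF parser trusts: compare against the remaining space rather than forming a sum that can wrap.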

Countermeasures: At this time, Adobe has not released a patch or an official workaround for this vulnerability.  Gladiator recommends that users do not open unsolicited PDF files, and that Web browsers be configured to prompt before opening any PDF file, so that a malicious website cannot launch Adobe Acrobat or Reader automatically.  Note that because the flaw is in font parsing rather than in Reader's JavaScript engine, the common workaround of disabling JavaScript in Reader does not address it.
