Security testing leader and vendor coordinate efforts
to protect users from critical bug
BOSTON, MA - November 4, 2008 - Core Security Technologies, provider of CORE IMPACT solutions for comprehensive enterprise security testing, today issued an advisory disclosing a vulnerability that could affect millions of individuals and businesses using Adobe’s Reader PDF file viewing software.
Adobe Reader is arguably the world’s most ubiquitous electronic document sharing application. The software can be used to view, search, digitally sign, verify, print, and collaborate on Adobe PDF files, and includes scripting functionality to allow for extended customization and extensibility.
Successful exploitation of the vulnerability requires that users open a maliciously crafted PDF file thereby allowing attackers to gain access to vulnerable systems and assume the privileges of a user running Acrobat Reader. Adobe Reader version 9, which was released in June 2008, is not vulnerable to the reported problem.
While investigating the feasibility of exploiting a vulnerability previously disclosed in Foxit Reader (CVE-2008-1104), a CoreLabs researcher found that Adobe Reader was affected by the same bug.
After an initial examination of the involved implementation bug, it was believed that although the problem was present, it was apparently not exploitable in Adobe Reader due to the use of two structured exception handlers in the program. The primary difference between the Adobe and Foxit applications is the manner in which they perform security checks, and at first glance, it seemed as if the bug was not exploitable in Reader, since there was no way to control the program’s first exception handler.
The vulnerability was discovered by Damián Frizza, a CoreLabs researcher and software engineer with the CORE IMPACT Exploit Writers Team. The previously disclosed vulnerability (CVE-2008-1104 ) mentioned in this report was discovered in Foxit Reader by Dyon Balding from Secunia Research and disclosed on May 20th, 2008.
For more information on this vulnerability, please view the
CORE-2008-0526 Security Advisory at http://www.coresecurity.com/content/adobe-reader-buffer-overflow
CoreLabs, the research center of Core Security Technologies, is charged with anticipating the future needs and requirements for information security technologies. It conducts its research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Its results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://www.coresecurity.com/corelabs.
About Core Security Technologies
Core Security Technologies is the leader in comprehensive security testing software solutions that IT executives rely on to expose vulnerabilities, measure operational risk and assure security effectiveness. The company’s CORE IMPACT product family offers a comprehensive approach to assessing the security of network systems, endpoint systems, email users and web applications against complex threats. All CORE IMPACT security testing solutions are backed by trusted vulnerability research and leading-edge threat expertise from the company’s Security Consulting Services, CoreLabs and Engineering groups. Based in Boston, MA and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at: http://www.coresecurity.com.
Tim Whitman or Justin Drake