1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP Adobe JBIG2Decode BO

HTTP Adobe JBIG2Decode BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects a remote code-execution vulnerability in the Adobe Acrobat and Reader

Additional Information

Adobe Acrobat and Reader are applications for handling PDF files.

The applications are prone to a remote code-execution vulnerability that stems from an integer-overflow error when they process a malformed JBIG2 image stream with the '/JBIG2Decode' filter.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users.

The issue affects Reader and Acrobat 9, 8.1.3 and prior, and 7.

UPDATE (February 24, 2009): Further reports suggest that this issue affects the vulnerable applications running on Apple Mac OS X and various Linux-based operating systems.

Response

NOTE: The vendor is in the process of fixing this issue and will release first fixes by March 11, 2009.

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube