Adobe has patched two bugs in its Acrobat Reader
application that could allow an attacker to take over a user's
system via a malicious PDF attached to an e-mail message. The bugs
affect Windows, Mac OS X and Unix.
Security research company iDefense warned of the bug affecting
Windows and Mac in an advisory published on the Bugtraq mailing
list late on Tuesday. The problem is a format string vulnerability
in version 6.0.2 of Adobe Reader, allowing users to craft a special
.etd file that could cause an invalid memory access and allow for
the execution of malicious code with the privileges of the user.
Reader uses .etd files in handling eBooks.
The bug could be exploited by an e-mail containing either a
malicious PDF file or a link to such a file, according to iDefense.
The company said earlier versions of Acrobat Reader 6 could be
vulnerable and said the bug is likely to also affect Adobe Acrobat,
the application used to create PDF files.
Adobe released a fix in version 6.0.3 of both Acrobat and
Acrobat Reader for Windows and Mac OS X. All the updates are
available from Adobe's website.
IDefense said users could also work around the problem by
deleting the file C:\Program Files\Adobe\Acrobat
6.0\Reader\plug_ins\eBook.api, which makes Reader and Acrobat
unable to handle eBooks.
A similar bug affects Unix. A boundary error in the
mailListIsPdf() function, which checks to see whether a document in
an e-mail is a PDF file, unsafely copies user-supplied data into a
fixed-sized buffer, according to iDefense.
This could allow an attacker to cause a buffer overflow and
execute malicious code, the company said. Adobe has fixed the bug
in Acrobat Reader version 5.0.9 for Unix, available on its site.
iDefense said previous versions of Reader 5 are likely to also be
affected. In its advisory, iDefense included a shell script patch
users can apply for additional protection.
Several bugs were also reported in Ethereal, a network software
and protocol development, troubleshooting and analysis tool. The
bugs can make the application hang, crash or otherwise disrupt a
system, and may also allow for malicious code execution, Ethereal's
developers said.
"It may be possible to make Ethereal crash or run arbitrary code
by injecting a purposefully malformed packet onto the wire or by
convincing someone to read a malformed packet trace file," the
project said in a Wednesday advisory.
The bugs affect versions 0.9.0 up to and including 0.10.7, and
are fixed in version 0.10.8. Secunia, which publishes an
independent security database, said the problems were "highly
critical."
By
Techworld staff