Successful exploitation of the vulnerability requires that users open a maliciously crafted PDF file, thereby allowing attackers to gain access to vulnerable systems and assume the privileges of a user running Acrobat Reader. Adobe Reader version 9, which was released in June 2008, is not vulnerable to the reported problem.
While investigating the feasibility of exploiting a vulnerability previously disclosed in Foxit Reader (CVE-2008-1104), a CoreLabs researcher found that Adobe Reader was affected by the same bug.
After an initial examination of the implementation bug involved, it was believed that, although the problem was present in Adobe Reader, it was apparently not exploitable there because the program uses two structured exception handlers. The primary difference between the Adobe and Foxit applications is the manner in which they perform security checks, and at first glance the bug did not seem exploitable in Reader, since there was no way to control the program’s first exception handler.
The vulnerability was discovered by Damián Frizza, a CoreLabs researcher and software engineer with the CORE IMPACT Exploit Writers Team. The previously disclosed vulnerability (CVE-2008-1104) mentioned in this report was discovered in Foxit Reader by Dyon Balding from Secunia Research and disclosed on May 20th, 2008.