Adobe Acrobat Font Parsing Integer Overflow Vulnerability

Published: 2010-08-05
Last Updated: 2010-08-05 17:19:32 UTC
by Manuel Humberto Santander Pelaez (Version: 1)
5 comment(s)

Charlie Miller discovered an integer overflow error in CoolType.dll when parsing the maxCompositePoints field value in the Maximum Profile table of a TrueType font. PDFs containing specially crafted TrueType fonts can trigger this vulnerability.

Want more information? Check the following document from pages 51 to 58: http://securityevaluators.com/files/papers/CrashAnalysis.pdf

-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org
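
The following is an added example, not code from this diary, from the referenced paper, or from Adobe. It reads maxCompositePoints out of a TrueType (sfnt) buffer with bounds checks and contrasts an unchecked 16-bit count with a checked one. The diary does not describe CoolType's actual arithmetic, so the "points + extra" computation and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* Find 'maxp' in an sfnt buffer and read maxCompositePoints (uint16 at
 * table offset 10). Every offset is bounds-checked. 0 = ok, -1 = malformed. */
int read_max_composite_points(const uint8_t *font, size_t len, uint16_t *out)
{
    if (len < 12) return -1;                       /* sfnt header is 12 bytes */
    size_t num_tables = be16(font + 4);
    if (num_tables * 16 > len - 12) return -1;     /* 16-byte table records */
    for (size_t i = 0; i < num_tables; i++) {
        const uint8_t *rec = font + 12 + i * 16;
        if (memcmp(rec, "maxp", 4) != 0) continue;
        uint32_t off = be32(rec + 8), tlen = be32(rec + 12);
        if (off > len || tlen > len - off || tlen < 12) return -1;
        *out = be16(font + off + 10);
        return 0;
    }
    return -1;
}

/* HYPOTHETICAL size math (not CoolType's): slots = points + extra, in 16 bits. */
uint16_t slots_unchecked(uint16_t points, uint16_t extra)
{
    return (uint16_t)(points + extra);             /* wraps past 0xFFFF */
}

/* Same computation, rejecting the wrap instead of returning a small count. */
int slots_checked(uint16_t points, uint16_t extra, uint16_t *slots)
{
    if (extra > UINT16_MAX - points) return -1;
    *slots = (uint16_t)(points + extra);
    return 0;
}

/* Constructed sample: one-table sfnt whose maxp carries the given value. */
size_t build_sample_font(uint8_t buf[60], uint16_t v)
{
    memset(buf, 0, 60);
    buf[1] = 0x01; buf[5] = 1;                     /* version 0x00010000, numTables 1 */
    memcpy(buf + 12, "maxp", 4);
    buf[23] = 28; buf[27] = 32;                    /* table offset 28, length 32 */
    buf[38] = (uint8_t)(v >> 8); buf[39] = (uint8_t)v;   /* maxp offset 10 */
    return 60;
}
```

With the constructed font carrying 0xFFFF, the unchecked sum with an extra of 4 comes back as 3, which is the kind of undersized count a later allocation or copy would trust; the checked version fails instead.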


Comments

Wait, hold on, we're supposed to go read a PDF about how reading PDFs is a security risk? ;-)

I happened to stumble upon an old article on Linux-Watch while researching a Linux Firefox issue I’m currently working…

http://www.linux-watch.com/news/NS7542722606.html
PDF to become an open, ISO standard - Jan 29, 2007

What I found rather amusing was this quote…
“In the 14 years since Adobe published the complete PDF specification in 1993, PDF has become a de facto global standard for secure and dependable information exchange and archival storage.”

Isn’t it ironic, that what was once considered “secure and dependable” is now the cause of so much grief in the Information Assurance world.

Looks like the fix is due out the week of August 16th. http://blogs.adobe.com/psirt/2010/08/pre-notification-out-of-band-security-updates-for-adobe-reader-and-acrobat.html

Adobe and Microsoft really should step together (even closer than recently) and make Adobe updates available in WSUS.

Updating all Readers, Acrobats is (becoming) a nightmare.