Rapid7 Vulnerability & Exploit Database

Adobe Acrobat/Reader JBig2Decode Buffer Overflow Vulnerability

Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 02/20/2009
Created: 07/25/2018
Added: 03/20/2009
Modified: 10/01/2019

Description

A memory corruption vulnerability in certain versions of Adobe Acrobat and Adobe Reader (formerly known as Adobe Acrobat Reader) can be triggered by a specially crafted PDF file. This vulnerability can be exploited reliably and with minimal user interaction to take complete control of the affected system. A user who views such a PDF file in their browser, or who even browses to a Windows folder containing such a file, can be exploited.

The vulnerability is caused by a defect in how Adobe Reader interprets JBIG2 image streams embedded within PDF documents.

While early reports suggested that disabling Acrobat JavaScript was sufficient to protect against this vulnerability, this is not the case. The vulnerability can be exploited reliably without using JavaScript.
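
Because JavaScript is not required, triage of incoming PDFs should key on the JBIG2 stream filter rather than on JavaScript markers. The following Python code is an added example, not Rapid7's or Adobe's code: it counts /JBIG2Decode filter names in raw PDF bytes, normalizing the #xx name escapes that PDF syntax allows; the function names and sample bytes are constructed for illustration.

```python
import re

# A PDF name: "/" followed by regular characters (no whitespace, no delimiters).
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(raw: bytes) -> bytes:
    """Undo #xx escapes so that JBIG#32Decode compares equal to JBIG2Decode."""
    return HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), raw)

def triage_pdf(data: bytes) -> dict:
    """Count normalized names of interest in raw PDF bytes.

    Limitation: names inside compressed object streams are not visible to a
    raw byte scan, and stream payload bytes can produce stray matches.
    """
    counts = {b"JBIG2Decode": 0, b"JavaScript": 0, b"JS": 0}
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in counts:
            counts[name] += 1
    return {
        "jbig2_streams": counts[b"JBIG2Decode"],
        "javascript": counts[b"JavaScript"] + counts[b"JS"],
        # Flag on the JBIG2 filter alone: absence of JavaScript is not a pass.
        "needs_review": counts[b"JBIG2Decode"] > 0,
    }

# Constructed samples (not from the page); the streams are empty and inert.
SAMPLE_PLAIN = (b"%PDF-1.4\n5 0 obj\n<< /Type /XObject /Subtype /Image "
                b"/Filter /JBIG2Decode /Length 0 >>\nstream\n\nendstream\nendobj\n")
SAMPLE_ESCAPED = (b"%PDF-1.4\n5 0 obj\n<< /Type /XObject /Subtype /Image "
                  b"/Filter [/FlateDecode /JBIG#32Decode] /Length 0 >>\n"
                  b"stream\n\nendstream\nendobj\n")
SAMPLE_JS_ONLY = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog "
                  b"/OpenAction << /S /JavaScript /JS (void 0) >> >>\nendobj\n")

if __name__ == "__main__":
    for label, sample in (("plain", SAMPLE_PLAIN), ("escaped", SAMPLE_ESCAPED),
                          ("js-only", SAMPLE_JS_ONLY)):
        print(label, triage_pdf(sample))
```

A hit only means the file contains a JBIG2 stream and should be opened in a patched or sandboxed reader; it does not distinguish benign scanned documents from malformed ones.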

Solution(s)
