Adobe Acrobat Stack Exhaustion DoS Vulnerability

Adobe Acrobat is prone to a denial-of-service vulnerability because the application fails to perform adequate boundary-checks on user-supplied data.   Attackers can exploit this issue to cause the affected application to crash, effectively denying service. Arbitrary code execution may be possible, but has not been confirmed.

Adobe Acrobat 9.1.1 is vulnerable; other versions may also be affected.

NOTE: This BID was previously classified as a buffer-overflow. Further analysis reveals that it is a stack exhaustion, and code execution is unlikely.

Vulnerable:
Adobe Acrobat Reader 9.1.1
Adobe Acrobat 9.1.1

PoC is available

http://www.securityfocus.com/bid/35148/discuss

Leave a Reply