Intrusion Prevention

PDF.Document.Catalog.Handling.Memory.Corruption

Description

This indicates an attempt to exploit a vulnerability in the Adobe PDF implementation used in Adobe Acrobat Reader, Apple Mac OS X Preview, Apple CoreGraphics and Xpdf.
An attacker can create a PDF document with a specially crafted "catalog dictionary" or "Pages" attribute, which will cause memory corruption. As a result it may be possible to execute arbitrary code or cause a denial of service. To exploit the vulnerability the attacker must persuade the victim to open a malicious PDF file.

Affected Products

Adobe: Adobe PDF 1.3
Adobe Systems Incorporated: Adobe Acrobat prior to 8.0.0
Apple: Apple CoreGraphics Any version
Apple: Mac OS X Preview 3.0.8
Apple Computer, Inc.: Mac OS X 10.4 - 10.4.8
Apple Computer, Inc.: Mac OS X Server 10.4 - 10.4.8
Canonical Ltd.: Ubuntu 5.10
Canonical Ltd.: Ubuntu 6.06 LTS
Canonical Ltd.: Ubuntu 6.10
Data General: DG/UX Any version
Glyph & Cog: Xpdf 3.01p2 and prior
Hewlett-Packard Company: HP-UX Any version
Hewlett-Packard Company: Tru64 UNIX Any version
IBM: AIX Any version
IBM: OS/2 Any version
Kristian Hogsberg: Poppler 0.5.4 and prior
Linux: Linux Any version
MandrakeSoft, Inc.: Mandrake Linux Corporate Server 3.0
MandrakeSoft, Inc.: Mandrake Linux Corporate Server 3.0/X86_64
MandrakeSoft, Inc.: Mandrake Linux Corporate Server 4.0
MandrakeSoft, Inc.: Mandrake Linux Corporate Server 4.0/X86_64
Mandriva Linux: Mandriva Linux 2006
Mandriva Linux: Mandriva Linux 2006/X86_64
Mandriva Linux: Mandriva Linux 2007
Mandriva Linux: Mandriva Linux 2007/X86_64
Microsoft Corporation: Windows 95
Microsoft Corporation: Windows 98
Microsoft Corporation: Windows 98 Second Edition
Microsoft Corporation: Windows Me
Microsoft Corporation: Windows XP
Microsoft Corporation: Windows 2000 Any version
Microsoft Corporation: Windows 2003 Any version
Microsoft Corporation: Windows NT 4.0
Santa Cruz Operation, Inc.: SCO Unix Any version
SGI: IRIX Any version
Sun Microsystems, Inc.: Solaris Any version
Wind River Systems, Inc.: BSD Any version

Impact

System compromise: remote code execution.
Denial of service.

Recommended Actions

Please refer to corresponding vendors for the latest update.

CVE References

CVE-2007-0103 CVE-2007-0104