October 9th, 2007

Adobe warns of critical PageMaker, Illustrator flaws

Posted by Ryan Naraine @ 6:22 pm

Categories: Browsers, Data theft, Exploit code, Hackers, Microsoft, Passwords, Patch Watch, Pen testing, Responsible disclosure, Spam and Phishing, Spyware and Adware, Viruses and Worms, Vulnerability research, Zero-day attacks

Tags: Adobe Systems Inc., Adobe GoLive, PageMaker, Flaw, Security, Ryan Naraine

Adobe has shipped patches for several high-risk security holes affecting its widely used PageMaker, Illustrator and GoLive 9 products.

On the same day Microsoft released a batch of six security bulletins, Adobe joined the Patch Tuesday train with three advisories covering a total of five vulnerabilities.

The most serious is a buffer overflow in Adobe PageMaker 7.0.1 and PageMaker 7.0.2 that could allow an attacker to take control of the affected system. Adobe rates this a “critical” issue and recommends the patch is applied immediately.

Vuln.sg, the research outfit credited with the discovery, provides some technical details:

A stack-based buffer overflow occurs in Adobe PageMaker for Windows when a specially-crafted PageMaker (PMD) file that contains an overly long font-name is opened. This is due to a boundary error in MAIPM6.DLL when copying the font-name into a fixed-length stack buffer. This can be exploited to execute arbitrary code on the user’s system when the user opens a malicious PMD file.

Adobe also plugged a pair of “critical” holes affecting Illustrator CS3, warning that malicious BMP, DIB, RLE, or PNG files opened in Illustrator by the user for an attacker could lead to code execution attacks.

[ SEE: Adobe confirms PDF backdoor, offers unsupported workaround ]

The third bulletin, also rated critical, from Adobe covers two vulnerabilities in GoLive 9 that could be exploited by malicious hackers to take control of a vulnerable system.

A user must be convinced to insert a malicious BMP, DIB, PNG, or RLE file into a GoLive document for an attacker to exploit these potential vulnerabilities. Users are recommended to update their installations with the instructions provided below, and Adobe encourages all customers to be cautious before opening any unknown file, regardless of which application they may be using.

An update for GoLive on Macintosh is not available at this time. In the meantime, Adobe recommends removing the PNG Plugin, or not using PNGs from untrusted sources.

Adobe is also working on a fix for a dangerous code execution flaw affecting Adobe Reader 8.1 and earlier versions, Adobe Acrobat Standard, Professional and Elements 8.1 and earlier versions, and Adobe Acrobat 3D.