Sense of Security – Security Advisory – SOS-11-001 – Adobe Reader 9.4.1 Infinite Loop Condition

Sense of Security – Security Advisory – SOS-11-001

Release Date. 21-Feb-2011
Last Update.
Vendor Notification Date. 26-Jul-2010
Product. Adobe Reader, Adobe Acrobat
Platform. Windows
Affected versions. 9.4.1 verified and possibly others.
Severity Rating. Low
Impact. Denial of Service
Attack Vector. Local system
Solution Status. Upgrade to 9.4.2 (as advised by Adobe)
CVE reference. CVE-2011-0585

Details.

Adobe Reader is a popular freeware PDF viewer. Version 9.4.1 of the application is vulnerable to a denial-of-service (DoS) attack. By sending a specially crafted PDF file, it is possible to cause Adobe Reader to become “stuck” in an infinite loop, consuming system resources.

If triggered, forced closure of the application is required.

It is not possible to execute code by exploiting this vulnerability.

Proof of Concept.

Proof of concept PDF files are available to Sense of Security customers upon request.

Solution.

A patch is available from Adobe and is included in the next release (9.4.2).

Discovered by.

Sense of Security Labs.