Security Advisory – SOS-11-001 – Adobe Reader 9.4.1 Infinite Loop Condition
Release Date: 21-Feb-2011
Last Update: –
Vendor Notification Date: 26-Jul-2010
Product: Adobe Reader
Platform: Microsoft Windows
Affected versions: 9.4.1 verified and possibly others
Severity Rating: Low
Impact: Denial of service
Attack Vector: Local system
Solution Status: Vendor patch
CVE reference: CVE-2011-0585
Adobe Reader is a popular freeware PDF viewer. Version 9.4.1 of the application is vulnerable to a denial-of-service (DoS) attack. By sending specially crafted PDF files, it is possible to cause Adobe Reader to become “stuck” in an infinite loop, consuming system resources.
If triggered, forced closure of the application is required. It is not possible to execute code by exploiting this vulnerability.
Please refer to the PDF version of this advisory for proof of concept code examples.
A patch is available from Adobe and is included in the next release (9.4.2).
Sense of Security Labs.