Adobe Reader geticon Buffer Overflow
Adobe Reader (formerly Acrobat Reader) is a ubiquitous application for viewing PDF (Portable Document Format) documents.
The app.Collab object provides the getIcon method, which accepts an string argument that serves as the name of an icon. The supplied path string must contains one of "N", "D", "H" characters followed by a "." character. For example:
An attacker can exploit this vulnerability by enticing a user to open a crafted PDF document. Successful exploitation would allow for arbitrary code injection and execution with the privileges of the currently logged in user. Code injection that does not result in execution would terminate the application due to memory corruption.
The vulnerability has been assigned as CVE-2009-0927.
SonicWALL has released a IPS signature to detect and block specific exploitation attempts targeting this vulnerability. The signature is listed bellow: