Short Name |
HTTP:STC:ADOBE:CLTYP-TYPGPY-DOS |
---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Adobe Reader CoolType Typography Engine Remote Denial of Service |
Release Date |
2012/12/02 |
Update Number |
2207 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
This signature detects attempts to exploit a known vulnerability against CoolType Typography Engine in Adobe Reader. A successful attack can result in a denial-of-service condition.
Adobe Acrobat and Reader are prone to a denial-of-service vulnerability due to a memory-corruption issue. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Due to the nature of this issue, arbitrary code-execution may be possible; however this has not been confirmed. Adobe Reader and Acrobat versions prior to and including 9.3.2 and 8.2.2 are affected. NOTE: This issue was previously covered in BID 41130 (Adobe Acrobat and Reader Prior to 9.3.3 Multiple Remote Vulnerabilities) but has been given its own record to better document it.