Adobe Reader and Acrobat contain a flaw that may allow a denial of service. The issue is triggered an unspecified error occurs during the expansion of XMP-XML entities, and will result in loss of availability for the program.

Upgrade Reader to version 9.2 or higher and Acrobat users to upgrade to version 7.1.4, 8.1.7, 9.2 or higher as it has been reported to fix this vulnerability. Adobe has provided updates to Reader 7.1.4 and 8.1.7.

• Security Tracker: 1023007
• CVE ID: 2009-2979 (see also: NVD)
• Bugtraq ID: 36638
• Secunia Advisory ID: 37141 37149 37247
• Related OSVDB ID: 58906 58907 58908 58909 58910 58911 58912 58913 58914 58915 58916 58917 58918 58919 58920 58922 58923 58924 58925 58926 58927 58928 58929
• Other Advisory URL: http://blog.didierstevens.com/2009/11/02/cve-2009-2979-or-the-xml-bombed-pdf/
  http://sunsolve.sun.com/search/document.do?assetkey=1-66-270669-1
  http://www.vupen.com/english/advisories/2009/2898
• Vendor Specific News/Changelog Entry: http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00005.html
• Vendor URL: http://www.adobe.com/
• Vendor Specific Advisory URL: http://www.adobe.com/support/security/bulletins/apsb09-15.html
  http://www.gentoo.org/security/en/glsa/glsa-200910-03.xml
• News Article: http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=220600883
• CERT: TA09-286B

• Didier Stevens