Check Point Advisories

Adobe Reader Memory Corruption (APSB14-28: CVE-2014-8460) - ver 2

Vulnerability
Protection

Check Point Reference:	CPAI-2015-0020
Date Published:	11 Jan 2015
Severity:	High
Last Updated:	Thursday 22 January, 2015
Source:	Adobe APSB14-28
Industry Reference:	CVE-2014-8460
Protection Provided by:	Security Gateway R81, R80, R77, R75, R71, R70
Who is Vulnerable?	Adobe Systems Acrobat 7.1.2 and prior Adobe Systems Acrobat 8.1.5 and prior Adobe Systems Acrobat 9.1.2 and prior Adobe Systems Reader 7.1.2 and prior Adobe Systems Reader 8.1.5 and prior Adobe Systems Reader 9.1.2 and prior Adobe Sytems Reader 10.1.12 and prior
Vulnerability Description	Adobe Reader is vulnerable to a buffer overflow while parsing the font data. The access violation occurs because the number of subroutines for the embedded font is larger than the size of the subroutine array which leads to a crash.
Update/Patch Avaliable	Apply patches from: APSB14-28

Protection Overview

This protection will detect and block attempts to download malicious files from a server, that might be opened by default by the Adobe Reader or Acrobat application, and are aimed at exploiting this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75 / R71 / R70

In the IPS tab, click Protections and find the Adobe Reader Memory Corruption (APSB14-28: CVE-2014-8460) - ver 2 protection using the Search tool and Edit the protection's settings.
Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name: Adobe Reader Violation.
Attack Information: Adobe Reader Memory Corruption (APSB14-28: CVE-2014-8460) - ver 2