J-Security Center

Title: Adobe Download Manager AOM Buffer Overflow Vulnerability

Severity: HIGH

Description:

Adobe Download Manager is a client application for managing the retrieval of Adobe software products.

Adobe Download Manager is affected by a remote buffer-overflow vulnerability. This issue presents itself because the application fails to perform boundary checks before copying user-supplied data into sensitive process buffers.

Specifically, 'AdobeDownloadManager.exe' extracts download information from AOM files and writes it to 'dm.ini', a configuration file that controls the characteristics of a Download Manager file transfer. The Download Manager then reads the section name values from 'dm.ini' into a 400-byte buffer and subsequently copies each section name into a respective 108-byte stack buffer. These fixed-size buffers are only as long as a section name is expected to be, and the copy is not checked against that length. By providing a maliciously designed AOM file, an attacker can overflow these limited stack buffers with inordinately long string values.
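The defect the advisory describes is a missing length check between a 400-byte read buffer and a 108-byte per-section stack buffer. The following C program is an added illustration of the check a hardened parser would perform; it is not Adobe's code, and the '[name]' line format it parses is an assumption standing in for the undocumented dm.ini layout. Only the two buffer sizes come from the advisory. Inputs that do not fit are rejected (fail closed) rather than copied.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Sizes quoted in the advisory: section names are read into a 400-byte
 * buffer and each copied into a 108-byte stack buffer. */
#define SECTION_READ_BUF 400
#define SECTION_NAME_BUF 108

enum { PARSE_OK = 0, PARSE_TOO_LONG = -1, PARSE_MALFORMED = -2 };

typedef struct {
    char name[SECTION_NAME_BUF];
} section_t;

/* Parse one line of the assumed form "[name]". The name is copied into
 * out->name only if it fits together with its NUL terminator; otherwise
 * the function reports an error instead of writing past the buffer. */
int parse_section_line(const char *line, size_t line_len, section_t *out)
{
    if (line_len < 2 || line[0] != '[')
        return PARSE_MALFORMED;
    const char *close = memchr(line + 1, ']', line_len - 1);
    if (close == NULL)
        return PARSE_MALFORMED;
    size_t name_len = (size_t)(close - (line + 1));
    if (name_len >= SECTION_NAME_BUF)      /* the bounds check the advisory says is absent */
        return PARSE_TOO_LONG;
    memcpy(out->name, line + 1, name_len);
    out->name[name_len] = '\0';
    return PARSE_OK;
}

/* Walk an in-memory config line by line, counting accepted sections.
 * Any line that would not fit the read buffer, or any over-long section
 * name, rejects the whole file. */
int count_sections(const char *cfg, size_t *accepted)
{
    char line[SECTION_READ_BUF];
    const char *p = cfg;
    *accepted = 0;
    while (*p != '\0') {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len >= SECTION_READ_BUF)        /* line does not even fit the read buffer */
            return PARSE_TOO_LONG;
        memcpy(line, p, len);
        line[len] = '\0';
        if (line[0] == '[') {
            section_t s;
            int rc = parse_section_line(line, len, &s);
            if (rc != PARSE_OK)
                return rc;
            (*accepted)++;
        }
        if (nl == NULL)
            break;
        p = nl + 1;
    }
    return PARSE_OK;
}

/* Constructed sample config with two well-formed sections. */
static const char GOOD_CFG[] =
    "[Download1]\nurl=https://example.invalid/a\n[Download2]\n";

/* Returns the number of sections in GOOD_CFG, or -1 if it is rejected. */
long good_sample_sections(void)
{
    size_t n;
    return count_sections(GOOD_CFG, &n) == PARSE_OK ? (long)n : -1L;
}

/* Builds a constructed config holding one section whose name is name_len
 * 'A' characters and returns the parser's verdict on it. */
int probe_section_name_len(size_t name_len)
{
    static char cfg[1024];
    size_t accepted;
    if (name_len + 3 >= sizeof cfg)          /* probe input too large for this helper */
        return PARSE_MALFORMED;
    cfg[0] = '[';
    memset(cfg + 1, 'A', name_len);
    cfg[name_len + 1] = ']';
    cfg[name_len + 2] = '\n';
    cfg[name_len + 3] = '\0';
    return count_sections(cfg, &accepted);
}

int main(void)
{
    printf("good sample: %ld sections\n", good_sample_sections());
    printf("107-byte name: rc=%d\n", probe_section_name_len(107));
    printf("108-byte name: rc=%d\n", probe_section_name_len(108));
    printf("399-byte name: rc=%d\n", probe_section_name_len(399));
    return 0;
}
```

The boundary is at 107 characters because the 108-byte buffer must also hold the terminating NUL; a parser that compared against 108 would still write one byte past the end.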

Note that users of Internet Explorer need only view a web page containing a malicious AOM file. If a web server indicates a Content-Type of 'application/aom' when serving the AOM file, the vulnerable Download Manager application is invoked and a buffer overflow may occur with no further user interaction.

An attacker can exploit this issue by crafting a malicious AOM file and enticing a user to view a webpage containing the file. If the victim user opens this AOM file, the attacker may be able to execute arbitrary code on the affected computer and gain unauthorized access in the context of the user.

This issue affects Adobe Download Manager 2.1 and prior versions.

Affected Products:

  • Adobe Download Manager 2.1
