Multiple Vulnerabilities Affecting Adobe Reader [CVE-2009-1942, CVE-2009-1943]

Adobe Reader Code Execution (CVE-2009-1492): The JavaScript API in Adobe Reader may allow a remote attacker to execute code on an affected system. The problem occurs when specially crafted JavaScript uses the getAnnots method in a PDF document. A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 15493. Adobe Reader Buffer Overflow (CVE-2009-1493): The JavaScript API in Adobe Reader may allow a remote attacker to execute code on an affected system. The problem occurs when specially crafted JavaScript uses the customDictionaryOpen method in a PDF document. A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 15492. Additionally as a result of ongoing research, the Sourcefire VRT has added multiple rules to the exploit, specific-threats, backdoor, multimedia and chat rule sets to provide coverage for emerging threats from these technologies.