Description: Some vulnerabilities have been reported in Adobe Reader/Acrobat, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system.
1) An error in the implementation of the "app.checkForUpdate()" JavaScript function can be exploited to cause a memory corruption.
Successful exploitation may allow execution of arbitrary code.
2) An error in the implementation of the "app.checkForUpdate()" JavaScript function can be exploited to bypass access restrictions and call restricted functions.
3) Several vulnerabilities can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system.
The vulnerabilities affect versions 7.0.9 and earlier.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.
Provided and/or discovered by: 1, 2) cocoruder, Fortinet Security Research Team
3) The vendor credits:
* Tavis Ormandy and Will Drewry of the Google Security Team
* cocoruder of Fortinet Security Research Team
* Greg MacManus of iDefense Labs
* Paul Craig of Security-Assessment.com
* An anonymous researcher, reporting via ZDI.
Changelog: 2008-02-11: Added CVE references and links to iDefense Labs and Fortinet.
2008-02-12: Added link to ZDI.
2008-05-07: Added details about vulnerabilities #1 and #2 to the advisory. Updated the "Solution" and "Original Advisory" sections. Added CVE reference.
2008-05-08: Updated vendor links in the "Solution" section. Added "Adobe Acrobat 3D" to the list of affected products. Updated the "Solution" section.
2008-05-15: Added link to Security-Assessment.com. Updated "Description" section and removed "Unknown" impact.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
