|
Adobe Acrobat/Reader Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA29773
|
|
|
Release Date:
|
2008-11-04
|
|
Last Update:
|
2009-03-19
|
|
Popularity:
|
28,122 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Privilege escalation
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Adobe Acrobat 3D 8.x
Adobe Acrobat 7 Professional
Adobe Acrobat 7.x
Adobe Acrobat 8 Professional
Adobe Acrobat 8.x
Adobe Reader 7.x
Adobe Reader 8.x
|
|
|
Binary Analysis:
|
BA461 :: Available for 1 Credit 
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Multiple vulnerabilities have been reported in Adobe Reader/Acrobat, which can be exploited by malicious, local users to gain escalated privileges or by malicious people to compromise a user's system.
1) A boundary error exists when parsing format strings containing a floating point specifier in the "util.printf()" Javascript function. This can be exploited to cause a stack-based buffer overflow via a specially crafted PDF and allows execution of arbitrary code.
2) An out-of-bounds array indexing error when parsing embedded Type 1 fonts can be exploited to corrupt memory and may allow execution of arbitrary code.
3) An error in an AcroJS function used to perform HTTP authentication can be exploited to corrupt memory via an overly long string passed to the function. This may allow execution of arbitrary code.
4) An error when creating a Collab object and performing a specific sequence of actions on it can be exploited to corrupt memory. This may allow execution of arbitrary code.
5) An unspecified error when parsing malformed PDF objects can be exploited to corrupt memory, which may allow execution of arbitrary code.
6) An input validation error in the Download Manager used by Adobe Reader may allow code execution during the download process.
The vulnerability is related to:
SA32546
7) An error in the Download Manager used by Adobe Reader may result in a user’s Internet Security options being changed during the download process.
8) An input validation error in a JavaScript method may allow code execution.
9) An unspecified privilege escalation vulnerability exists in the version for UNIX/Linux.
The vulnerabilities are reported in version 8.1.2 and prior.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
