Adobe Acrobat / Reader multiple security vulnerabilities updated since 10.02.2008
Published:		12.02.2008
Source:		BUGTRAQ
SecurityVulns ID:		8651
Type:		client
Level:		8/10
Description:		Multiple buffer overflows and integer overflows, unsafe methods, unsafe dynamic library loading.

Affected:		ADOBE : Adobe Reader 8.1
		ADOBE : Adobe Acrobat 8.1
CVE:		CVE-2008-0726 (Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption.)
		CVE-2008-0667 (The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. NOTE: this issue might be subsumed by CVE-2008-0655.)
		CVE-2007-5666
		CVE-2007-5663
		CVE-2007-5659
		CVE-2007-5609

Original document		ZDI, ZDI-08-004: Adobe AcrobatReader Javascript for PDF Integer Overflow Vulnerability (12.02.2008)
		CERT, US-CERT Technical Cyber Security Alert TA08-043A -- Adobe Reader and Acrobat Vulnerabilities (12.02.2008)
		cocoruder, Adobe Reader/Acrobat Remote PDF Print Silently Vulnerability (10.02.2008)
		IDEFENSE, iDefense Security Advisory 02.08.08: Adobe Reader and Acrobat Multiple Stack-based Buffer Overflow Vulnerabilities (10.02.2008)
		IDEFENSE, iDefense Security Advisory 02.08.08: Adobe Reader Security Provider Unsafe Libary Path Vulnerability (10.02.2008)
		IDEFENSE, iDefense Security Advisory 02.08.08: Adobe Reader and Acrobat JavaScript Insecure Method Exposure Vulnerability (10.02.2008)

Discuss:

Read or add your comments to this news (0 comments)