Adobe Acrobat / Reader multiple security vulnerabilities
Published:		05.11.2008
Source:		CERT
SecurityVulns ID:		9408
Type:		client
Level:		9/10
Description:		Buffer overflows, memory corruptions,code execution on PDF parsing.

Affected:		ADOBE : Adobe Reader 8.1
		ADOBE : Acrobat 8.1
CVE:		CVE-2008-4813 (Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow remote attackers to execute arbitrary code via a crafted PDF document that (1) performs unspecified actions on a Collab object that trigger memory corruption, related to a GetCosObj method; or (2) contains a malformed PDF object that triggers memory corruption during parsing.)
		CVE-2008-2992 (Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.)

Original document		IDEFENSE, iDefense Security Advisory 11.04.08: Adobe Acrobat And Reader AcroJS Heap Corruption Vulnerability (05.11.2008)
		ZDI, ZDI-08-072: Adobe Acrobat PDF Javascript printf Stack Overflow Vulnerability (05.11.2008)
		ZDI, ZDI-08-073: Adobe Acrobat Reader Malformed PDF Code Execution Vulnerability (05.11.2008)
		ZDI, ZDI-08-074: Adobe Acrobat PDF Javascript getCosObj Memory Corruption Vulnerability (05.11.2008)
		IDEFENSE, iDefense Security Advisory 11.04.08: Adobe Reader Embedded Font Handling Out of Bounds Array Indexing Vulnerability (05.11.2008)
		CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2008-0526: Adobe Reader Javascript Printf Buffer Overflow (05.11.2008)
		SECUNIA, Secunia Research: Adobe Acrobat/Reader "util.printf()" Buffer Overflow (05.11.2008)
		CERT, US-CERT Technical Cyber Security Alert TA08-309A -- Adobe Reader and Acrobat Vulnerabilities (05.11.2008)

Discuss:

Read or add your comments to this news (0 comments)