|
Adobe Acrobat/Reader Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA29773
|
|
|
Release Date:
|
2008-11-04
|
|
Last Update:
|
2008-11-05
|
|
Popularity:
|
3,738 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Privilege escalation
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Adobe Acrobat 3D 8.x
Adobe Acrobat 8 Professional
Adobe Acrobat 8.x
Adobe Reader 8.x
|
|
|
Binary Analysis:
|
BA461 :: Available for 1 Credit 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| CVE reference: | CVE-2008-2549
CVE-2008-2992
CVE-2008-4812
CVE-2008-4813
CVE-2008-4814
CVE-2008-4815
CVE-2008-4816
CVE-2008-4817
|
|
Description:
Multiple vulnerabilities have been reported in Adobe Reader/Acrobat, which can be exploited by malicious, local users to gain escalated privileges or by malicious people to compromise a user's system.
1) A boundary error exists when parsing format strings containing a floating point specifier in the "util.printf()" Javascript function. This can be exploited to cause a stack-based buffer overflow via a specially crafted PDF and allows execution of arbitrary code.
2) An out-of-bounds array indexing error when parsing embedded Type 1 fonts can be exploited to corrupt memory and may allow execution of arbitrary code.
3) An error in an AcroJS function used to perform HTTP authentication can be exploited to corrupt memory via an overly long string passed to the function. This may allow execution of arbitrary code.
4) An error when creating a Collab object and performing a specific sequence of actions on it can be exploited to corrupt memory. This may allow execution of arbitrary code.
5) An unspecified error when parsing malformed PDF objects can be exploited to corrupt memory, which may allow execution of arbitrary code.
6) An input validation error in the Download Manager used by Adobe Reader may allow code execution during the download process.
The vulnerability is related to:
SA32546
7) An error in the Download Manager used by Adobe Reader may result in a user’s Internet Security options being changed during the download process.
8) An input validation error in a JavaScript method may allow code execution.
9) An unspecified privilege escalation vulnerability exists in the version for UNIX/Linux.
The vulnerabilities are reported in version 8.1.2 and prior.
Solution:
Upgrade to version 9 or update to version 8.1.3.
Provided and/or discovered by:
1) Independently discovered by:
* Dyon Balding, Secunia Research.
* Peter Vreugdenhil via ZDI.
2) Greg MacManus, iDefense Labs.
3) Reported by an anonymous person via iDefense.
4) Peter Vregdenhil via ZDI.
5) Javier Vicente Vallejo via ZDI.
6) Peter Vregdenhil via iDefense.
7) Reported by the vendor.
8) The vendor credits Thomas Garnier, SkyRecon Systems.
9) The vendor credits Josh Bressers, Red Hat.
Changelog:
2008-11-05: Added information about additional vulnerabilities and available fixes.
Original Advisory:
Secunia Research:
http://secunia.com/secunia_research/2008-14/
Adobe:
http://www.adobe.com/support/security/bulletins/apsb08-19.html
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-08-072/
http://www.zerodayinitiative.com/advisories/ZDI-08-073/
http://www.zerodayinitiative.com/advisories/ZDI-08-074/
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=754
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=755
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=756
Other References:
US-CERT VU#593409:
http://www.kb.cert.org/vuls/id/593409
SA32546:
http://secunia.com/advisories/32546/
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|