CERT-In Vulnerability Note CIVN-2008-76
Adobe Acrobat Reader Arbitrary Code Execution and Unspecified Remote Denial-of-Service Vulnerability
Original Issue Date:
June 10, 2008
Severity Rating:
High
System Affected
- Adobe Acrobat Reader 8.1.2 and prior
Overview
A vulnerability has been reported in Adobe Acrobat Reader 8.1.2 and earlier, which could cause
a denial-of-service (application crash).
Description
The vulnerability in Adobe Acrobat Reader 8.1.2 and prior allows remote attacker to execute multiple arbitrary code. Successful exploitation could crash the application and allows a denial-of-service via malformed or specially crafted PDF documents.
Workarounds
- Do not open documents that originate from unknown or untrusted sources.
- Do not follow links provided by unknown or untrusted sources.
- Remove the file association with PDFs and Adobe Reader so they are not immediately executed.
References
SecurityFocus
http://www.securityfocus.com/bid/29420/info
Security Lab
http://en.securitylab.ru/nvd/354261.php
Symantec
http://www.symantec.com/security_response/vulnerability.jsp?bid=27641
CVE-Name
CVE-2008-2549 Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
|
