CERT-In Vulnerability Note CIVN-2008-93
Adobe Reader and Adobe Acrobat JavaScript method handling remote code execution Vulnerability
Original Issue Date:
June 25, 2008
Severity Rating:
High
Systems Affected
- Adobe Reader 8.1.2 and earlier
- Adobe Reader 7.0.9 and earlier
- Adobe Acrobat Professional 8.1.2 and earlier
- Adobe Acrobat Professional 7.0.9 and earlier
- Adobe Acrobat 3D 8.1.2 and earlier
- Adobe Acrobat 3D 7.0.9 and earlier
- Adobe Acrobat Standard 8.1.2 and earlier
- Adobe Acrobat Standard 7.0.9 and earlier
Overview
A vulnerability has been identified in Adobe Reader and Adobe Acrobat, which could be exploited by remote attackers to take complete control of the affected system or to cause an application crash.
Description
This issue is caused by an input validation error in the implementation of an unspecified JavaScript method. The vulnerability can be exploited by tricking a user into opening a specially crafted PDF document. Opening the maliciously crafted PDF document may lead to an application crash or arbitrary code execution.
Successful exploitation of this issue allows the execution of arbitrary code, which could allow remote attackers to take complete control of the affected system.
Solution
Apply the appropriate patches as mentioned in Adobe Security Bulletin APSB08-15.
Vendor Information
Adobe Systems
http://www.adobe.com/support/security/bulletins/apsb08-15.html
References
FrSIRT
http://www.frsirt.com/english/advisories/2008/1906
Secunia
http://secunia.com/advisories/30832/
SecurityFocus
http://www.securityfocus.com/bid/29908/discuss
CVE Name
CVE-2008-2641
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
