Tuesday, June 24, 2008 8:26 AM
cmosby
Adobe Reader/Acrobat JavaScript Method Handling Vulnerability - Secunia - 06/24/2008
Adobe Reader/Acrobat JavaScript Method Handling Vulnerability
Secunia Advisory:
SA30832
Release Date:
2008-06-24
Critical:
Highly critical
Impact:
DoS
System access
Where:
From remote
Solution Status:
Vendor Patch
Software:
Adobe Acrobat 3D
Adobe Acrobat 7 Professional
Adobe Acrobat 7.x
Adobe Acrobat 8 Professional
Adobe Acrobat 8.x
Adobe Reader 7.x
Adobe Reader 8.x
CVE reference:
CVE-2008-2641 (Secunia mirror)
Description:
A vulnerability has been reported in Adobe Reader/Acrobat, which potentially can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the implementation of an unspecified JavaScript method and can be exploited to cause a crash or potentially execute arbitrary code via a specially crafted PDF file.
NOTE: The vulnerability is reportedly being exploited in the wild.
The vulnerability is reported in the following products and versions:
* Adobe Reader versions 8.0 through 8.1.2
* Adobe Reader versions 7.0.9 and earlier
* Adobe Acrobat Professional, 3D and Standard versions 8.0 through 8.1.2
* Adobe Acrobat Professional, 3D and Standard versions 7.0.9 and earlier
Do you have this product installed on your home computer? Scan using the free
Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the
Network Software Inspector.
Solution:
Adobe Reader 8 for Windows:
Update to Adobe Reader 8.1.2 Security Update 1.
http://www.adobe.com/support/downloads/detail.jsp?ftpID=3967Adobe Reader 8 for Macintosh:
Update to Adobe Reader 8.1.2 Security Update 1.
http://www.adobe.com/support/downloads/detail.jsp?ftpID=3966Acrobat 8 for Windows:
Update to Acrobat 8.1.2 Security Update 1.
http://www.adobe.com/support/downloads/detail.jsp?ftpID=3976Acrobat 8 for Macintosh:
Update to Acrobat 8.1.2 Security Update 1.
http://www.adobe.com/support/downloads/detail.jsp?ftpID=3977Acrobat 3D Version 8 for Windows:
Update to Acrobat 3D Version 8.1.2 Security Update 1.
http://www.adobe.com/support/downloads/detail.jsp?ftpID=3975Adobe Reader 7.0 through 7.0.9:
Upgrade to Adobe Reader 7.1.0.
http://www.adobe.com/go/getreaderAcrobat 7 for Windows:
Update to Acrobat 7.1.0.
http://www.adobe.com/support/download...ct.jsp?product=1&platform=WindowsAcrobat 7 for Macintosh:
Update to Acrobat 7.1.0.
http://www.adobe.com/support/download....jsp?product=1&platform=MacintoshProvided and/or discovered by:
The vendor credits the Information Security Team of the Johns Hopkins University Applied Physics Laboratory.
Original Advisory:
Adobe APSB08-15:
http://www.adobe.com/support/security/bulletins/apsb08-15.html
Filed under: Patch Management, Internet Applications, Security, Configuration Managment, Enterprise Applications, Software Vulnerabilites