Advertisement
Home arrow ITsec Advisories arrow APSB08-15: Adobe Reader/Acrobat JavaScript Method Handling Vulnerability
Friday, 05 September 2008
  
 
Last week attacks
O.S.  Defs.  %
Linux  7154  66.99%
Win 2003  3088  28.91%
FreeBSD  225  2.11%
Win 2000  128  1.20%
SolarisSunOS  37  0.35%
Other  48  0.45%

Total attacks: 10680 of which 2638 single ip and 8042 mass defacements

Main Menu
Home
Digital Warfare
Geopolitics
ITsec News
ITsec Advisories
Test Drive
360°
Digital Attacks Archive
Zone-H events
Publications
Zone-H Friends/Partners
Contact Us
Search
Download Area
Zone-H forum
About this website
Login Form





Lost Password?
No account yet? Register
Visitors' Map
APSB08-15: Adobe Reader/Acrobat JavaScript Method Handling Vulnerability PDF Print E-mail
User Rating: / 2
PoorBest 
Written by Marcelo Almeida (Vympel)   
Tuesday, 24 June 2008
Security Update available for Adobe Reader and Acrobat 8.1.2

Release date: June 23, 2008

Vulnerability identifier: APSB08-15

CVE number: CVE-2008-2641

Platform: All platforms

Affected software versions:

  • Adobe Reader 8.0 through 8.1.2
  • Adobe Reader 7.0.9 and earlier
  • Adobe Acrobat Professional, 3D and Standard 8.0 through 8.1.2
  • Adobe Acrobat Professional, 3D and Standard 7.0.9 and earlier







NOTE: Adobe Reader 7.1.0 and Acrobat 7.1.0 are not vulnerable to this issue. Adobe Reader 9 and Acrobat 9, expected to be available by July 2008, are also not vulnerable to this issue...

Summary

A critical vulnerability has been identified in Adobe Reader and Acrobat 8.1.2. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system.

Adobe recommends users of Acrobat 8 and Adobe Reader install the 8.1.2 Security Update 1 patch.

Solution

Acrobat 8 and Adobe Reader

Adobe recommends Adobe Reader 8 users update to Adobe Reader 8.1.2 Security Update 1, available at the links below:

For Windows: http://www.adobe.com/support/downloads/detail.jsp?ftpID=3967

For Macintosh: http://www.adobe.com/support/downloads/detail.jsp?ftpID=3966

Adobe recommends Acrobat 8 users on Windows update to Acrobat 8.1.2 Security Update 1, available here: http://www.adobe.com/support/downloads/detail.jsp?ftpID=3976

Adobe recommends Acrobat 8 users on Macintosh update to Acrobat 8.1.2 Security Update 1, available here: http://www.adobe.com/support/downloads/detail.jsp?ftpID=3977

Adobe recommends Acrobat 3D Version 8 users on Windows update to Acrobat 3D Version 8.1.2 Security Update 1, available here: http://www.adobe.com/support/downloads/detail.jsp?ftpID=3975

Users with Adobe Reader 7.0 through 7.0.9 should upgrade to Adobe Reader 7.1.0: http://www.adobe.com/go/getreader.

Acrobat 7

Adobe recommends Acrobat 7 users on Windows update to Acrobat 7.1.0, available here: http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows

Adobe recommends Acrobat 7 users on Macintosh update to Acrobat 7.1.0, available here: http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh

Severity rating

Adobe categorizes this as an critical issue and recommends affected users update their installations.

Details

A critical vulnerability has been identified in Adobe Reader and Acrobat 8.1.2 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system.

Adobe recommends users of Acrobat and Adobe Reader update their product installations using the instructions above to protect themselves from potential vulnerabilities. Adobe Reader 7.1.0 and Acrobat 7.1.0 are not vulnerable to this issue.

This update resolves an input validation issue in a JavaScript method that could potentially lead to remote code execution. (CVE-2008-2641)

NOTE: there are reports that this issue is being exploited in the wild.

Acknowledgments

Adobe would like to thank the Information Security Team of the Johns Hopkins University Applied Physics Laboratory for reporting the relevant issue and for working with Adobe to help protect our customers' security.

Original Article: 

http://www.adobe.com/support/security/bulletins/apsb08-15.html


Comments Index (Total Messages: 0)


Post Reply
Name:Guest
Title:
Comment:



Enter this security word

Powered by a Zone-H(ified) version of AkoComment 3.0!


DISCLAIMER: Forum postings are the opinion of the posting author alone, and should not be taken as the opinion of Zone-h. The   author is entirely and solely responsible for all content that he/she uploads, posts, or otherwise transmits via the website. Zone-h is not responsible for such content. However, Zone-h shall have the right, but not the obligation, to delete, move, or edit any content that violates this agreement or is otherwise objectionable as determined by Zone-h in its sole discretion and without notice.
 
< Prev   Next >
[ Back ]
 
Top!
© 2008 Zone-H.org
Joomla! is Free Software released under the GNU/GPL License.
 Top!