Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2008:0974

The remote host is missing updates announced in
advisory RHSA-2008:0974.

Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).

Several input validation flaws were discovered in Adobe Reader. A malicious
PDF file could cause Adobe Reader to crash or, potentially, execute
arbitrary code as the user running Adobe Reader. (CVE-2008-2549,
CVE-2008-2992, CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4817)

The Adobe Reader binary had an insecure relative RPATH (runtime library
search path) set in the ELF (Executable and Linking Format) header. A local
attacker able to convince another user to run Adobe Reader in an
attacker-controlled directory could run arbitrary code with the privileges
of the victim. (CVE-2008-4815)

All acroread users are advised to upgrade to these updated packages, that
contain Adobe Reader version 8.1.3, and are not vulnerable to these issues.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : Critical

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-2549
BugTraq ID: 29420
Cert/CC Advisory: TA08-309A
SuSE Security Announcement: SUSE-SR:2008:026 (Google Search)
XForce ISS Database: acrobatreader-pdf-dos(42886)
Common Vulnerability Exposure (CVE) ID: CVE-2008-2992
BugTraq ID: 30035
BugTraq ID: 32091
Bugtraq: 20081104 CORE-2008-0526: Adobe Reader Javascript Printf Buffer Overflow (Google Search)
Bugtraq: 20081104 Secunia Research: Adobe Acrobat/Reader "util.printf()" Buffer Overflow (Google Search)
Bugtraq: 20081104 ZDI-08-072: Adobe Acrobat PDF Javascript printf Stack Overflow Vulnerability (Google Search)
CERT/CC vulnerability note: VU#593409
Common Vulnerability Exposure (CVE) ID: CVE-2008-4812
BugTraq ID: 32100
XForce ISS Database: adobe-acrobatreader-type1font-code-execution(46332)
Common Vulnerability Exposure (CVE) ID: CVE-2008-4813
Bugtraq: 20081104 ZDI-08-073: Adobe Acrobat Reader Malformed PDF Code Execution Vulnerability (Google Search)
Bugtraq: 20081104 ZDI-08-074: Adobe Acrobat PDF Javascript getCosObj Memory Corruption Vulnerability (Google Search)
XForce ISS Database: adobe-acrobatreader-collab-code-execution(46344)
XForce ISS Database: adobe-acrobatreader-object-code-execution(46333)
Common Vulnerability Exposure (CVE) ID: CVE-2008-4814
XForce ISS Database: adobe-javascript-code-execution1(46334)
Common Vulnerability Exposure (CVE) ID: CVE-2008-4815
XForce ISS Database: adobe-acrobat-reader-priv-escalation(46335)
Common Vulnerability Exposure (CVE) ID: CVE-2008-4817
CopyrightCopyright (c) 2008 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.