English | Deutsch | Español | Português
 UserID:
 Passwd:
 new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   		     Search 61204 CVE descriptions
and 32582 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.800050
Category:Buffer overflow
Title:Adobe Reader/Acrobat Multiple Vulnerabilities - Nov08 (Win)
Summary:Check for the version of Adobe Reader/Acrobat
Description:

Overview: This host has Adobe Reader/Acrobat installed, which is/are prone
to multiple vulnerabilities.

Vulnerability Insight:
The flaws are due to,
- a boundary error when parsing format strings containing a floating point
specifier in the util.printf() Javascript function.
- improper parsing of type 1 fonts.
- bounds checking not being performed after allocating an area of memory.

Impact:
Successful exploitation allows remote attackers to execute arbitrary code
to cause a stack based overflow via a specially crafted PDF, and could
also take complete control of the affected system and cause the application
to crash.

Impact Level: System

Affected Software/OS:
Adobe Reader versions 8.1.2 and prior - Windows(All)
Adobe Acrobat Professional versions 8.1.2 and prior - Windows(All)

Upgrade to 8.1.3 or higher versions,
http://www.adobe.com/products/

References:
http://www.adobe.com/support/security/bulletins/apsb08-19.html
http://www.coresecurity.com/content/adobe-reader-buffer-overflow
Cross-Ref: BugTraq ID: 30035
BugTraq ID: 32100
Common Vulnerability Exposure (CVE) ID: CVE-2008-2992
Bugtraq: 20081104 CORE-2008-0526: Adobe Reader Javascript Printf Buffer Overflow (Google Search)
http://www.securityfocus.com/archive/1/archive/1/498032/100/0/threaded
Bugtraq: 20081104 Secunia Research: Adobe Acrobat/Reader "util.printf()" Buffer Overflow (Google Search)
http://www.securityfocus.com/archive/1/archive/1/498027/100/0/threaded
Bugtraq: 20081104 ZDI-08-072: Adobe Acrobat PDF Javascript printf Stack Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/498055/100/0/threaded
http://www.milw0rm.com/exploits/6994
http://www.milw0rm.com/exploits/7006
http://secunia.com/secunia_research/2008-14/
http://www.coresecurity.com/content/adobe-reader-buffer-overflow
http://www.zerodayinitiative.com/advisories/ZDI-08-072/
http://www.redhat.com/support/errata/RHSA-2008-0974.html
http://download.oracle.com/sunalerts/1019937.1.html
SuSE Security Announcement: SUSE-SR:2008:026 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
Cert/CC Advisory: TA08-309A
http://www.us-cert.gov/cas/techalerts/TA08-309A.html
CERT/CC vulnerability note: VU#593409
http://www.kb.cert.org/vuls/id/593409
BugTraq ID: 32091
http://www.securityfocus.com/bid/32091
http://www.securityfocus.com/bid/30035
http://www.securitytracker.com/id?1021140
http://secunia.com/advisories/35163
http://www.vupen.com/english/advisories/2008/3001
http://www.vupen.com/english/advisories/2009/0098
http://osvdb.org/49520
http://secunia.com/advisories/29773
http://secunia.com/advisories/32872
http://secunia.com/advisories/32700
http://securityreason.com/securityalert/4549
Common Vulnerability Exposure (CVE) ID: CVE-2008-2549
http://www.milw0rm.com/exploits/5687
BugTraq ID: 29420
http://www.securityfocus.com/bid/29420
XForce ISS Database: acrobatreader-pdf-dos(42886)
http://xforce.iss.net/xforce/xfdb/42886
Common Vulnerability Exposure (CVE) ID: CVE-2008-4812
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=755
http://www.securityfocus.com/bid/32100
XForce ISS Database: adobe-acrobatreader-type1font-code-execution(46332)
http://xforce.iss.net/xforce/xfdb/46332
Common Vulnerability Exposure (CVE) ID: CVE-2008-4813
Bugtraq: 20081104 ZDI-08-073: Adobe Acrobat Reader Malformed PDF Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/498056/100/0/threaded
Bugtraq: 20081104 ZDI-08-074: Adobe Acrobat PDF Javascript getCosObj Memory Corruption Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/498057/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-08-073/
http://www.zerodayinitiative.com/advisories/ZDI-08-074/
http://securityreason.com/securityalert/4564
XForce ISS Database: adobe-acrobatreader-collab-code-execution(46344)
http://xforce.iss.net/xforce/xfdb/46344
XForce ISS Database: adobe-acrobatreader-object-code-execution(46333)
http://xforce.iss.net/xforce/xfdb/46333
Common Vulnerability Exposure (CVE) ID: CVE-2008-4817
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=756
http://osvdb.org/49541
Common Vulnerability Exposure (CVE) ID: CVE-2008-4816
Common Vulnerability Exposure (CVE) ID: CVE-2008-4814
http://www.skyrecon.com/index.php?option=com_content&task=view&id=302&Itemid=124
XForce ISS Database: adobe-javascript-code-execution1(46334)
http://xforce.iss.net/xforce/xfdb/46334
Common Vulnerability Exposure (CVE) ID: CVE-2008-4815
https://bugzilla.redhat.com/show_bug.cgi?id=469882
XForce ISS Database: adobe-acrobat-reader-priv-escalation(46335)
http://xforce.iss.net/xforce/xfdb/46335
CopyrightCopyright (C) 2008 Greenbone Networks GmbH

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  
 Forgot userid or passwd?
Email/Userid:



Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2013 E-Soft Inc. All rights reserved.