If an attacker supplies a long string, control structures on the stack may be modified, allowing the execution of arbitrary code.

Adobe Reader and Acrobat JavaScript Insecure Method Exposure Vulnerability

EScript.api plug-in vulnerability (CVE-2007-5663)

Adobe Reader and Acrobat implement a version of JavaScript in the EScript.api plug-in which is based on the reference implementation used in Mozilla products. Inadequate checking is performed on the string length before it is copied into a fixed sized buffer on the stack. These issues exist due to insufficient input validation in several JavaScript methods.

Stack-based Buffer Overflow Vulnerabilities (CVE-2007-5659)

User interaction is required to exploit this vulnerability in that the target must visit a malicious web address or open a malicious file.

FGA-2008-04: Silent Print Vulnerability in Adobe Acrobat/Reader

A specially crafted PDF document may silently request to be printed with arbitrary frequency, causing a denial of service while wasting resources.

Adobe Reader and Acrobat Multiple Stack-based Buffer Overflow Vulnerabilities

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader.

Integer Overflow Vulnerability (CVE-2008-0726)

ZDI-08-004: Adobe AcrobatReader Javascript for PDF Integer Overflow Vulnerability

6, Adobe made an update to Acrobat and Adobe Reader 8 available to update the products to version 8.1.2.

The last couple of days have brought up multiple serious vulnerabilities in very commonly used client software:

Adobe has released Adobe Reader 8.1.2 to address multiple unspecified vulnerabilities.

APSA08-01: Security update available for Adobe Reader and Acrobat 8

Multiple vulnerabilities in commonly used client software

The IP address belongs to LeaseWeb, a hosting provider in The Netherlands we already notified. The Adobe Reader vulnerability is being exploited in the wild!
A malicious PDF file (called 1.pdf in this example) served from IP address "85.17.221.2" (not active at this time) downloads a malware specimen called Trojan, a variant of Zonebac. These vulnerabilities are exploited through a maliciously crafted PDF file containing a variant of the Zonebac Trojan. US-CERT has received information that vulnerabilities affecting Adobe Reader are actively being exploited. One of these vulnerabilities is currently being exploited in the wild.

Active Exploitation of Adobe Reader Vulnerabilities

The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code.

Adobe Reader and Adobe Acrobat Remote Code Execution

Adobe Acrobat Reader 8.1.1 and earlier and Adobe Acrobat 8.1.1 are vulnerable to multiple vulnerabilities that would allow an attacker to execute arbitrary code on a remote system by enticing a user to open a specially-crafted PDF file.

TA08-043A: Adobe Reader and Acrobat Vulnerabilities

Adobe has released Security advisory APSA08-01 to address multiple vulnerabilities affecting Adobe Reader and Acrobat.