Fortinet reports multiple vulnerabilities in the JavaScript API for Adobe Acrobat Professional / Adobe Reader.
Impact: Remote code execution and privilege escalation.
Risk: Critical
Affected Software:
Adobe Acrobat Professional 7.0.9
Adobe Reader 7.0.9
Additional Information:
Two vulnerabilities exist in the Adobe JavaScript API, which are exploited through a user-supplied callback function:
A memory corruption issue that can be remotely exploited, allowing a remote attacker to execute arbitrary code on the affected system
A privilege escalation issue that allows an attacker to bypass security measures to remotely access restricted functions
Solutions:
Users should apply the update supplied by Adobe to address these issues:
http://www.adobe.com/support/security/bulletins/apsb08-13.html
Full Disclosure: Adobe Acrobat Professional Javascript For PDF Security Feature Bypass and Memory Corruption Vulnerabilities
http://seclists.org/fulldisclosure/2008/May/0140.html