Executive Summary

Summary
Title: Adobe Reader and Adobe Acrobat contain an unspecified flaw in a JavaScript method

Information
Name: VU#788019
First vendor publication: 2008-06-25
Vendor: VU-CERT
Last vendor modification: 2008-06-25
Severity (vendor): N/A
Revision: M

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS base score: 10
CVSS impact score: 10
CVSS exploit score: 10
Attack range: Network
Attack complexity: Low
Authentication: None required

Detail

Vulnerability Note VU#788019

Adobe Reader and Adobe Acrobat contain an unspecified flaw in a JavaScript method

Overview

Adobe Reader and Acrobat contain an unspecified flaw in a JavaScript method, which can allow a remote, unauthenticated attacker to execute code on a vulnerable system.

I. Description

Adobe Acrobat Reader is software designed to view Portable Document Format (PDF) files. Adobe also distributes the Adobe Acrobat Plug-In to allow users to view PDF files inside of a web browser. According to Adobe security bulletin APSB08-15, Adobe Reader and Acrobat fail to properly validate input to a JavaScript method, which can allow an attacker to take control of an affected system.

Adobe indicates that this issue is being exploited in the wild.

II. Impact

By convincing a user to open a specially-crafted PDF file, a remote, unauthenticated attacker may be able to execute arbitrary code. This can happen in several ways, such as opening an email attachment or viewing a web page.

III. Solution

Apply an update

This issue is addressed in Adobe Reader and Acrobat 8.1.2 Security Update 1 and also version 7.1.0. Please see Adobe security bulletin APSB08-15 for more details.

Disable JavaScript in Adobe Reader and Acrobat

Disabling JavaScript may prevent this vulnerability from being exploited. Acrobat JavaScript can be disabled in the General preferences dialog (Edit -> Preferences -> JavaScript, then un-check "Enable Acrobat JavaScript").

Prevent Internet Explorer from automatically opening PDF documents

The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to the safer option of prompting the user by importing the following as a .REG file:

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\AcroExch.Document.7]
    "EditFlags"=hex:00,00,00,00
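An administrator rolling out the registry workaround above usually wants to audit hosts before and after the change. The PowerShell script below is an added example, not part of the CERT vulnerability note or of Adobe's tooling: it reads the EditFlags value under the ProgID key named in the note, reports whether Internet Explorer would open PDF files without a prompt, and with -Fix writes the same four zero bytes the .REG file writes. It assumes that AcroExch.Document.7 is the ProgID registered on the host (the note covers Reader/Acrobat 7.x and 8.x) and that the shell is elevated when -Fix is used.

```powershell
<#
  Added example, not part of the CERT vulnerability note: audit a Windows host
  for the VU#788019 Internet Explorer workaround and optionally apply it.
  The note's .REG file sets EditFlags under HKEY_CLASSES_ROOT\AcroExch.Document.7
  to four zero bytes so that IE prompts before opening a PDF instead of opening
  it silently. Assumptions: the AcroExch.Document.7 ProgID is the one registered
  on this host, and the shell is elevated when -Fix is used.
#>
param(
    [switch]$Fix   # report only unless -Fix is given
)

$keyPath = 'Registry::HKEY_CLASSES_ROOT\AcroExch.Document.7'

if (-not (Test-Path -Path $keyPath)) {
    Write-Output "ProgID key not found: $keyPath (Adobe Reader/Acrobat 7 or 8 may not be installed)"
    exit 0
}

$props = Get-ItemProperty -Path $keyPath -Name 'EditFlags' -ErrorAction SilentlyContinue
if ($null -eq $props) {
    Write-Output "EditFlags is not set; Internet Explorer will prompt before opening PDF files."
    exit 0
}

# EditFlags is REG_BINARY when written from the note's .REG file, but it may
# also be stored as REG_DWORD. Normalise both forms to one unsigned integer
# so the flag bits can be compared against the safe value (0).
$raw = $props.EditFlags
if ($raw -is [byte[]]) {
    $padded = New-Object byte[] 4
    [Array]::Copy($raw, $padded, [Math]::Min($raw.Length, 4))
    $flags = [BitConverter]::ToUInt32($padded, 0)
} else {
    $flags = [uint32]([int64]$raw -band 0xFFFFFFFF)
}

Write-Output ("Current EditFlags: 0x{0:X8}" -f $flags)

if ($flags -eq 0) {
    Write-Output "Workaround already in place: IE prompts before opening PDF files."
} elseif ($Fix) {
    # Write exactly what the note's .REG file writes: REG_BINARY 00,00,00,00.
    Set-ItemProperty -Path $keyPath -Name 'EditFlags' -Value ([byte[]](0, 0, 0, 0)) -Type Binary
    Write-Output "EditFlags reset to 00,00,00,00; IE will now prompt before opening PDF files."
} else {
    Write-Output "EditFlags is non-zero: PDF files may open in IE without a prompt. Re-run with -Fix to apply the workaround."
}
```

Run it without arguments from a login script or an inventory job to collect the current state; run it elevated with -Fix on hosts where the value is non-zero. Writing the value as REG_BINARY keeps the result byte-for-byte identical to importing the note's .REG file, so the two methods can be mixed across a fleet.
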

Disable the displaying of PDF documents in the web browser

Preventing PDF documents from opening inside a web browser may mitigate this vulnerability. If this workaround is applied to updated versions of Adobe Reader, it may also mitigate future vulnerabilities.

To prevent PDF documents from automatically being opened in a web browser:
  1. Open Adobe Acrobat Reader.
  2. Open the Edit menu.
  3. Choose the preferences option.
  4. Choose the Internet section.
  5. Un-check the "Display PDF in browser" check box.

Ubuntu users and administrators can prevent Adobe Reader from automatically opening PDF files inside their web browser by removing the mozilla-acroread package.

Do not open untrusted PDF files

Do not open unfamiliar or unexpected PDF attachments. Users can convert PDF documents to text by using the Adobe Online Conversion Tools site. See the Online Conversion Tools FAQ for information about this service. This workaround will not mitigate all attack vectors.

Systems Affected

Vendor: Adobe
Status: Vulnerable
Date Updated: 25-Jun-2008

References

http://www.adobe.com/support/security/bulletins/apsb08-15.html
http://secunia.com/advisories/30832/

Credit

This vulnerability was reported by Adobe, who in turn credit the Johns Hopkins University Applied Physics Laboratory.

This document was written by Will Dormann.

Other Information

Date Public: 06/23/2008
Date First Published: 06/25/2008 10:04:30 AM
Date Last Updated: 06/25/2008
CERT Advisory: 
CVE Name: CVE-2008-2641
US-CERT Technical Alerts: 
Metric: 21.55
Document Revision: 5

Original Source

Url : http://www.kb.cert.org/vuls/id/788019

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:22594
Title: ELSA-2008:0641: acroread security update (Critical)
Description: Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method."
Family: unix
Class: patch
Reference(s): ELSA-2008:0641-02, CVE-2008-0883, CVE-2008-2641
Version: 13
Platform(s): Oracle Linux 5
Product(s): acroread
Definition Synopsis:

CPE : Common Platform Enumeration

Type | Description | Count
Application | | 28
Application | | 32

OpenVAS Exploits

Date | Description
2008-10-04 | Name : Adobe Reader/Acrobat JavaScript Method Handling Vulnerability (Linux)
File : nvt/gb_adobe_prdts_code_exec_vuln_lin.nasl
2008-10-01 | Name : Adobe Reader/Acrobat JavaScript Method Handling Vulnerability (Windows)
File : nvt/gb_adobe_prdts_code_exec_vuln_win.nasl
2008-09-24 | Name : Gentoo Security Advisory GLSA 200808-10 (acroread)
File : nvt/glsa_200808_10.nasl

Open Source Vulnerability Database (OSVDB)

Id | Description
46548 | Adobe Reader/Acrobat Unspecified JavaScript Method Handling Arbitrary Code Ex...

Nessus® Vulnerability Scanner

Date | Description
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12211.nasl - Type : ACT_GATHER_INFO
2009-08-28 | Name : The version of Adobe Acrobat on the remote Windows host is affected by a Java...
File : adobe_acrobat_812_su1.nasl - Type : ACT_GATHER_INFO
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0641.nasl - Type : ACT_GATHER_INFO
2009-07-21 | Name : The remote openSUSE host is missing a security update.
File : suse_11_0_acroread-080722.nasl - Type : ACT_GATHER_INFO
2008-08-11 | Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200808-10.nasl - Type : ACT_GATHER_INFO
2008-07-24 | Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_acroread-5466.nasl - Type : ACT_GATHER_INFO
2008-07-24 | Name : The remote openSUSE host is missing a security update.
File : suse_acroread-5467.nasl - Type : ACT_GATHER_INFO
2008-06-25 | Name : The remote Windows host contains an application that allows remote code execu...
File : adobe_reader_812_su1.nasl - Type : ACT_GATHER_INFO