Executive Summary
Summary | |
---|---|
Title | Adobe Reader and Adobe Acrobat contain an unspecified flaw in a JavaScript method |
Informations | |||
---|---|---|---|
Name | VU#788019 | First vendor Publication | 2008-06-25 |
Vendor | VU-CERT | Last vendor Modification | 2008-06-25 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#788019Adobe Reader and Adobe Acrobat contain an unspecified flaw in a JavaScript methodOverviewAdobe Reader and Acrobat contain an unspecified flaw in a JavaScript method, which can allow a remote, unauthenticated attacker to execute code on a vulnerable system.I. DescriptionAdobe Acrobat Reader is software designed to view Portable Document Format (PDF) files. Adobe also distributes the Adobe Acrobat Plug-In to allow users to view PDF files inside of a web browser. According to Adobe security bulletin APSB08-15, Adobe Reader and Acrobat fail to properly validate input to a JavaScript method, which can allow an attacker to take control of an affected system.Adobe indicates that this issue is being exploited in the wild. This issue is addressed in Adobe Reader and Acrobat 8.1.2 Security Update 1 and also version 7.1.0. Please see Adobe security bulletin APSB08-15 for more details.
[HKEY_CLASSES_ROOTAcroExch.Document.7] "EditFlags"=hex:00,00,00,00 Preventing PDF documents from opening inside a web browser may mitigate this vulnerability. If this workaround is applied to updated versions of the Adobe reader, it may mitigate future vulnerabilities. To prevent PDF documents from automatically being opened in a web browser:
Do not open unfamiliar or unexpected PDF attachments. Users can convert PDF documents to text by using the Adobe Online Conversion Tools site. See the Online Conversion Tools FAQ for information about this service. This workaround will not mitigate all attack vectors. Systems Affected
References
This vulnerability was reported by Adobe, who in turn credit the Johns Hopkins University Applied Physics Laboratory. This document was written by Will Dormann.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/788019 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:22594 | |||
Oval ID: | oval:org.mitre.oval:def:22594 | ||
Title: | ELSA-2008:0641: acroread security update (Critical) | ||
Description: | Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method." | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0641-02 CVE-2008-0883 CVE-2008-2641 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | acroread |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2008-10-04 | Name : Adobe Reader/Acrobat JavaScript Method Handling Vulnerability (Linux) File : nvt/gb_adobe_prdts_code_exec_vuln_lin.nasl |
2008-10-01 | Name : Adobe Reader/Acrobat JavaScript Method Handling Vulnerability (Windows) File : nvt/gb_adobe_prdts_code_exec_vuln_win.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200808-10 (acroread) File : nvt/glsa_200808_10.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
46548 | Adobe Reader/Acrobat Unspecified JavaScript Method Handling Arbitrary Code Ex... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12211.nasl - Type : ACT_GATHER_INFO |
2009-08-28 | Name : The version of Adobe Acrobat on the remote Windows host is affected by a Java... File : adobe_acrobat_812_su1.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0641.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_acroread-080722.nasl - Type : ACT_GATHER_INFO |
2008-08-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200808-10.nasl - Type : ACT_GATHER_INFO |
2008-07-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread-5466.nasl - Type : ACT_GATHER_INFO |
2008-07-24 | Name : The remote openSUSE host is missing a security update. File : suse_acroread-5467.nasl - Type : ACT_GATHER_INFO |
2008-06-25 | Name : The remote Windows host contains an application that allows remote code execu... File : adobe_reader_812_su1.nasl - Type : ACT_GATHER_INFO |