Published: 2008-02-17T08:01+00:00
Last Updated: 2008-02-17T08:01+00:00
TRTA08-043A
Adobe Reader and Acrobat Vulnerabilities
Overview
Adobe has released Security advisory APSA08-01 to address multiple vulnerabilities affecting Adobe Reader and Acrobat. The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code.
Event Information
Date (UTC) | Source | Description |
2008-02-12 14:51 | US-CERT | TA08-043A: Adobe Reader and Acrobat Vulnerabilities. Via US-CERT Mailing List. Adobe has released Security advisory APSA08-01 to address multiple vulnerabilities affecting Adobe Reader and Acrobat. The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code. |
2008-02-12 | IBM Internet Security Systems | Adobe Reader and Adobe Acrobat Remote Code Execution. Adobe Acrobat Reader 8.1.1 and earlier and Adobe Acrobat 8.1.1 are vulnerable to multiple vulnerabilities that would allow an attacker to execute arbitrary code on a remote system by enticing a user to open a specially-crafted PDF file. One of these vulnerabilities is currently being exploited in the wild. |
2008-02-11 15:41 | US-CERT | Active Exploitation of Adobe Reader Vulnerabilities. US-CERT Current Activity. US-CERT has received information that vulnerabilities affecting Adobe Reader are actively being exploited. These vulnerabilities are exploited through a maliciously crafted PDF file containing a variant of the Zonebac Trojan. |
2008-02-09 | SANS Internet Storm Center | Adobe Reader exploit in the wild. The Adobe Reader vulnerability is being exploited in the wild! A malicious PDF file (called 1.pdf in this example) served from IP address "85.17.221.2" (not active at this time) downloads a malware specimen called Trojan, a variant of Zonebac. The IP address belongs to LeaseWeb, a hosting provider in The Netherlands we already notified. |
2008-02-08 02:28 | SANS Internet Storm Center | Multiple vulnerabilities in commonly used client software. The last couple of days have brought up multiple serious vulnerabilities in very commonly used client software: |
2008-02-08 | F-Secure | Trojan:W32/Agent.DXH |
2008-02-07 14:20 | US-CERT | Adobe Reader Update. US-CERT Current Activity. Adobe has released Adobe Reader 8.1.2 to address multiple unspecified vulnerabilities. |
2008-02-07 | Adobe | APSA08-01: Security update available for Adobe Reader and Acrobat 8. On Feb. 6, Adobe made an update to Acrobat and Adobe Reader 8 available to update the products to version 8.1.2. |
2007-11-14 | Zero Day Initiative (ZDI) | ZDI-08-004: Adobe AcrobatReader Javascript for PDF Integer Overflow Vulnerability. Integer Overflow Vulnerability (CVE-2008-0726). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious web address or open a malicious file. Vulnerability Reported. |
2007-11-01 | Fortinet | FGA-2008-04: Silent Print Vulnerability in Adobe Acrobat/Reader. A specially crafted PDF document may silently request to be printed with arbitrary frequency, causing a denial of service while wasting resources. Vulnerability Reported. |
2007-10-10 | iDefense | Adobe Reader and Acrobat Multiple Stack-based Buffer Overflow Vulnerabilities. Stack-based Buffer Overflow Vulnerabilities (CVE-2007-5659). Vulnerability Reported. These issues exist due to insufficient input validation in several JavaScript methods. Inadequate checking is performed on the string length before it is copied into a fixed sized buffer on the stack. If an attacker supplies a long string, control structures on the stack may be modified, allowing the execution of arbitrary code. |
2007-10-03 | iDefense | Adobe Reader and Acrobat JavaScript Insecure Method Exposure Vulnerability. EScript.api plug-in vulnerability (CVE-2007-5663). Vulnerability Reported. Adobe Reader and Acrobat implement a version of JavaScript in the EScript.api plug-in which is based on the reference implementation used in Mozilla products. One of the methods exposed allows direct control over low level features of the object, which in turn allows execution of arbitrary code. |
2007-09-25 | iDefense | Adobe Reader Security Provider Unsafe Library Path Vulnerability. Untrusted search path vulnerability (CVE-2007-5666). Vulnerability Reported. This vulnerability is due to Adobe Reader using a path for "Security Provider" libraries that contains the directory the application was started in. Security Provider libraries provide encryption and signature verification routines to applications. If the current directory contains a file with the same name as a Security Provider library, the file will be loaded into the application, potentially allowing code execution. |
Other Information