Published: 2008-02-17T08:01+00:00    Last Updated: 2008-02-17T08:01+00:00

TRTA08-043A
Adobe Reader and Acrobat Vulnerabilities

Overview

Adobe has released Security advisory APSA08-01 to address multiple vulnerabilities affecting Adobe Reader and Acrobat. The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code.

Event Information

Date (UTC)Description
2008-02-12 14:51 US-CERT
TA08-043A: Adobe Reader and Acrobat Vulnerabilities
Via US-CERT Mailing List
Adobe has released Security advisory APSA08-01 to address multiple vulnerabilities affecting Adobe Reader and Acrobat. The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code.
2008-02-12 IBM Internet Security Systems
Adobe Reader and Adobe Acrobat Remote Code Execution
Adobe Acrobat Reader 8.1.1 and earlier and Adobe Acrobat 8.1.1 are vulnerable to multiple vulnerabilities that would allow an attacker to execute arbitrary code on a remote system by enticing a user to open a specially-crafted PDF file. One of these vulnerabilities is currently being exploited in the wild.
2008-02-11 15:41 US-CERT
Active Exploitation of Adobe Reader Vulnerabilities
US-CERT Current Activity
US-CERT has received information that vulnerabilities affecting Adobe Reader are actively being exploited. These vulnerabilities are exploited through a maliciously crafted PDF file containing a variant of the Zonebac Trojan.
2008-02-09 SANS Internet Storm Center
Adobe Reader exploit in the wild
The Adobe Reader vulnerability is being exploited in the wild! A malicious PDF file (called 1.pdf in this example) served from IP address "85.17.221.2" (not active at this time) downloads a malware specimen called Trojan, a variant of Zonebac. The IP address belongs to LeaseWeb, a hosting provider in The Netherlands we already notified.
2008-02-08 02:28 SANS Internet Storm Center
Multiple vulnerabilities in commonly used client software
The last couple of days have brought up multiple serious vulnerabilities in very commonly used client software:
2008-02-08 F-Secure
Trojan:W32/Agent.DXH
2008-02-07 14:20 US-CERT
Adobe Reader Update
US-CERT Current Activity
Adobe has released Adobe Reader 8.1.2 to address multiple unspecified vulnerabilities.
2008-02-07 Adobe
APSA08-01: Security update available for Adobe Reader and Acrobat 8
On Feb. 6, Adobe made an update to Acrobat and Adobe Reader 8 available to update the products to version 8.1.2.
2007-11-14 Zero Day Initiative (ZDI)
ZDI-08-004: Adobe AcrobatReader Javascript for PDF Integer Overflow Vulnerability
Integer Overflow Vulnerability (CVE-2008-0726)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious web address or open a malicious file.
Vulnerability Reported
2007-11-01 Fortinet
FGA-2008-04: Silent Print Vulnerability in Adobe Acrobat/Reader
A specially crafted PDF document may silently request to be printed with arbitrary frequency, causing a denial of service while wasting resources.
Vulnerability Reported
2007-10-10 iDefense
Adobe Reader and Acrobat Multiple Stack-based Buffer Overflow Vulnerabilities
Stack-based Buffer Overflow Vulnerabilities (CVE-2007-5659)
Vulnerability Reported
These issues exist due to insufficient input validation in several JavaScript methods. Inadequate checking is performed on the string length before it is copied into a fixed sized buffer on the stack. If an attacker supplies a long string, control structures on the stack may be modified, allowing the execution of arbitrary code.
2007-10-03 iDefense
Adobe Reader and Acrobat JavaScript Insecure Method Exposure Vulnerability
EScript.api plug-in vulnerability (CVE-2007-5663)
Vulnerability Reported
Adobe Reader and Acrobat implement a version of JavaScript in the EScript.api plug-in which is based on the reference implementation used in Mozilla products. One of the methods exposed allows direct control over low level features of the object, which in turn allows execution of arbitrary code.
2007-09-25 iDefense
Adobe Reader Security Provider Unsafe Libary Path Vulnerability
Untrusted search path vulnerability (CVE-2007-5666)
Vulnerability Reported
This vulnerability is due to Adobe Reader using a path for "Security Provider" libraries that contains the directory the application was started in. Security Provider libraries provide encryption and signature verification routines to applications. If the current directory contains a file with the same name as a Security Provider library, the file will be loaded into the application, potentially allowing code execution.