Published: 2008-11-09T20:54+00:00
Last Updated: 2008-11-23T04:24+00:00
TRTA08-309A
Adobe Reader and Acrobat Vulnerabilities
Overview
Adobe has released Security Bulletin APSB08-19 to address multiple vulnerabilities affecting Adobe Reader and Acrobat. The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code.
Event Information
| Date (UTC) | Description |
| 2008-11-13 16:02 |
Trend Micro Bogus Federal Reserve Sites Deliver PDF Exploit TrendLabs | Malware Blog - by Trend Micro A new round of PDF exploits are being pushed by websites pretending to be the US Federal Reserve. Several spammed email messages were intercepted starting last week advertising these fake Federal Reserve pages. |
| 2008-11-12 02:04 |
SANS Internet Storm Center Acrobat continued activity in the wild (Version: 3) It seems those responsible for the prior reported attacks, and followed up only yesterday, are still busy and most probably successful at it. |
| 2008-11-12 |
Trend Micro TROJ_PIDIEF.DN Exploiting Adobe Reader Vulnerability It exploits a known vulnerability in Adobe Reader versions 8.1.2 and earlier. This vulnerability may cause the said application to crash and may also allow a remote malicious user to take control over an affected system when a user views a specially-crafted .PDF file. |
| 2008-11-11 08:17 |
Trend Micro Adobe Reader Vulnerability: Actively Being Exploited TrendLabs | Malware Blog - by Trend Micro Last week, Adobe released an update for Adobe Acrobat 8 and Adobe Reader 8 and a day later, a working exploit code for the util.printf() vulnerability was released. As expected, malware authors were quick to use the exploit for their own gain. |
| 2008-11-10 23:35 |
SANS Internet Storm Center Adobe Reader Vulnerability - part 2 You may have read Bojan's excellent diary earlier this month where he looks at a couple of new PDF exploits with zero AV coverage. The low coverage was likely to be caused by a funky method of confusing the AV engine when its parsing the Javascript contained within the PDF. |
| 2008-11-07 21:54 |
Symantec Trojan.Pidief.D Exploiting Adobe Reader Vulnerability (CVE-2008-2992) Trojan.Pidief.D is a Trojan horse that exploits the Adobe Reader 'util.printf()' JavaScript Function Stack Buffer Overflow Vulnerability (BID 30035) to download and execute files from the Internet. |
| 2008-11-07 19:19 |
US-CERT Adobe Reader Exploit Circulating US-CERT Current Activity US-CERT is aware of public reports of active exploitation of a recent Adobe Reader vulnerability. This exploit appears to arrive in the form of a maliciously crafted PDF file and leverages the JavaScript buffer overflow vulnerability addressed in Adobe Security Bulletin APSB08-19. Successful exploitation may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Additionally, the reports indicate that this exploit is currently undetectable by common antivirus applications. |
| 2008-11-07 15:54 |
SANS Internet Storm Center Adobe Reader vulnerability exploited in the wild One of our readers, Wayne Dilly, sent couple of malicious PDF documents to us. Wayne noticed that some machines got infected and wondered if the PDF documents exploited the vulnerability patched by Adobe couple of days ago (CVE-2008-2992 - see http://isc.sans.org/diary.html?storyid=5282). |
| 2008-11-07 |
Trend Micro TROJ_PIDIEF.CB Exploiting Adobe Reader Vulnerability This Trojan exploits a known vulnerability in Adobe Reader versions 8.1.2 and earlier. This vulnerability may cause the said application to crash and may also allow a remote malicious user to take control over an affected system when a user views a specially-crafted PDF file. |
| 2008-11-06 |
Bugtraq Adobe Reader Javascript Printf Buffer Overflow Exploit Printf Buffer Overflow (CVE-2008-2992) #Cid: adobe-CVE-2008-2992.txt #Cid: 30035.c |
| 2008-11-05 03:51 |
JPCERT/CC JPCERT-AT-2008-0020: Vulnerability in Adobe Acrobat and Adobe Reader |
| 2008-11-05 02:11 |
SANS Internet Storm Center Adobe8 Adobe released a security update for Adobe Reader 8 and Acrobat 8 that covers 8 different CVEs today. |
| 2008-11-04 21:43 |
US-CERT TA08-309A: Adobe Reader and Acrobat Vulnerabilities Via US-CERT Mailing List |
| 2008-11-04 18:03 |
US-CERT Adobe Releases Security Bulletin US-CERT Current Activity Adobe has released a Security Bulletin to address multiple vulnerabilities in Adobe Reader 8 and Acrobat 8. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. |
| 2008-11-04 |
Adobe APSA08-01: Security Update available for Adobe Reader 8 and Acrobat 8 Critical vulnerabilities have been identified in Adobe Reader and Acrobat 8.1.2 and earlier versions. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system. |
| 2008-05-27 |
Core Security Technologies CORE-2008-0526: Adobe Reader Javascript Printf Buffer Overflow Printf Buffer Overflow (CVE-2008-2992) Vulnerability Reported |
| 2008-05-12 |
Zero Day Initiative (ZDI) ZDI-08-074: Adobe Acrobat PDF Javascript getCosObj Memory Corruption Vulnerability PDF Code Execution Vulnerability (CVE-2008-4813) This vulnerability allows remote attackers to execute code on vulnerable installations of Adobe Acrobat. User interaction is required in that a user must visit a malicious web site. Vulnerability Reported |
| 2008-04-16 |
Secunia Research 2008-14: Adobe Acrobat/Reader "util.printf()" Buffer Overflow Printf Buffer Overflow (CVE-2008-2992) Vulnerability Reported |
| 2008-04-08 |
Zero Day Initiative (ZDI) ZDI-08-073: Adobe Acrobat Reader Malformed PDF Code Execution Vulnerability PDF Code Execution Vulnerability (CVE-2008-4813) This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious web address or open a malicious file. Vulnerability Reported |
| 2008-03-21 |
iDefense Adobe Acrobat Professional And Reader AcroJS Heap Corruption Vulnerability AcroJS Heap Corruption Vulnerabilities (CVE-2008-4817) Vulnerability Reported The vulnerable code is an AcroJS function available to scripting code inside of a PDF document. This function is used for HTTP authentication. By passing a long string to this function, it is possible to corrupt heap memory in such a way that may lead to the execution of arbitrary code. |
| 2008-01-21 |
Zero Day Initiative (ZDI) ZDI-08-072: Adobe Acrobat PDF Javascript printf Stack Overflow Vulnerability PDF Javascript printf Stack Overflow Vulnerability (CVE-2008-2992) This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Vulnerability Reported |
| 2007-12-27 |
iDefense Adobe Reader Embedded Font Handling Out of Bounds Array Indexing Vulnerability Font Handling Vulnerabilities (CVE-2008-4812) Vulnerability Reported The vulnerability specifically exists in code responsible for parsing Type 1 fonts. After allocating an area of memory, no bounds checking is performed. Subsequent access of this memory may result in modification of arbitrary memory, which in turn may result in arbitrary code execution. |