SecurityTracker: (Sun Issues Advisory) Adobe Reader Stack Overflows, Insecure Methods, Unsafe Library Path, and Other Bugs Let Remote Users Execute Arbitrary Code

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > Adobe Acrobat/Reader

Vendors: Adobe Systems Incorporated

(Sun Issues Advisory) Adobe Reader Stack Overflows, Insecure Methods, Unsafe Library Path, and Other Bugs Let Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1020376

SecurityTracker URL: http://securitytracker.com/id/1020376

CVE Reference: CVE-2007-5659, CVE-2007-5663, CVE-2007-5666, CVE-2008-0655, CVE-2008-0667, CVE-2008-0726 (Links to External Site)

Date: Jun 27 2008

Impact: Execution of arbitrary code via network, User access via network

Vendor Confirmed: Yes

Version(s): prior to 8.1.2

Description: Several vulnerabilities were reported in Adobe Reader. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted PDF file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

Stack overflows exist in JavaScript methods [CVE-2007-5659].

An insecure method exists in the JavaScript library [CVE-2007-5663].

An unsafe library path for "Security Provider" libraries exists [CVE-2007-5666].

An integer overflow exists in a JavaScript function [CVE-2008-0726].

A vulnerability in the Javascript DOC.print() function lets remote users control printers [CVE-2008-0667].

Acrobat and Adobe Reader 7.0.9 and prior versions are also affected by some of these vulnerabilities.

Tavis Ormandy and Will Drewry of the Google Security Team, cocoruder of Fortinet Security Research Team, Greg MacManus of iDefense Labs, and Paul Craig of Security-Assessment.com reported these vulnerabilities. An anonymous researcher reported one vulnerability via TippingPoint.

Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

Solution: Sun is working on a fix for Solaris.

The Sun advisory is available at:

http://sunsolve.sun.com/search/document.do?assetkey=1-66-239286-1

Vendor URL: www.adobe.com/support/security/bulletins/apsb08-13.html (Links to External Site)

Cause: Boundary error

Underlying OS: UNIX (Solaris - SunOS)

Message History: This archive entry is a follow-up to the message listed below.

Adobe Reader Stack Overflows, Insecure Methods, Unsafe Library Path, and Other Bugs Let Remote Users Execute Arbitrary Code

Source Message Contents

Date: Thu, 26 Jun 2008 16:12:04 -0400
Subject: http://sunsolve.sun.com/search/document.do?assetkey=1-66-239286-1



CVE-2007-4768
CVE-2007-5659
CVE-2007-5663
CVE-2007-5666
CVE-2008-0655
CVE-2008-0667
CVE-2008-0726
CVE-2008-2042

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2012, SecurityGlobal.net LLC