(Sun Issues Advisory) Adobe Reader Javascript Method Bug Lets Remote Users Execute Restricted Functions
|
|
SecurityTracker Alert ID: 1020618 |
|
SecurityTracker URL: http://securitytracker.com/id/1020618
|
|
CVE Reference:
CVE-2008-2641
(Links to External Site)
|
Date: Aug 4 2008
|
Impact:
Execution of arbitrary code via network, User access via network
|
Vendor Confirmed: Yes
|
Version(s): 7.0.9 and prior 7.x versions; 8.1.2 and prior 8.x versions
|
Description:
A vulnerability was reported in Adobe Acrobat and Adobe Reader. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted file that, when loaded by the target user, will trigger an input validation flaw in a JavaScript method and execute arbitrary code on the target system. The code will run with the privileges of the target user.
This vulnerability is being actively exploited.
The Information Security Team of the Johns Hopkins University Applied Physics Laboratory reported this vulnerability.
|
Impact:
A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution:
Sun is working on a fix.
The Sun advisory is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-240106-1
|
Vendor URL: www.adobe.com/support/security/bulletins/apsb08-15.html (Links to External Site)
|
Cause:
Input validation error
|
Underlying OS:
UNIX (Solaris - SunOS)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Sun, 3 Aug 2008 22:11:20 -0400
Subject: http://sunsolve.sun.com/search/document.do?assetkey=1-66-240106-1
|
CVE-2008-0883
CVE-2008-2641
|
|
