Security hole in PDF

By Koushik Saha on 9.11.08


The research and development team of SkyRecon identified a security vulnerability in PDF files. The problem mainly affects version 8 of Adobe Reader and Acrobat. All operating systems that can read PDF files are affected. Exploiting the flaw could allow Trojan horses and other malicious code to run. Adobe has posted security patches to counter the problem.

Critical vulnerabilities have been identified in Adobe Reader and Acrobat 8.1.2 and earlier versions. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system.

Adobe Reader 9 and Acrobat 9 are not vulnerable to these issues. Adobe recommends users of Acrobat 8 and Adobe Reader 8 who can’t update to Adobe Reader 9 install the 8.1.3 update to protect themselves from potential vulnerabilities.

An input validation issue in the Download Manager used by Adobe Reader that could potentially lead to remote code execution during the download process has been resolved. (CVE-2008-4817)

A Windows-only issue in the Download Manager used by Adobe Reader that could lead to a user’s Internet Security options being changed during the download process has been resolved. (CVE-2008-4816)


Details:

This update resolves multiple input validation errors that could potentially lead to code execution. (CVE-2008-4812).

This update resolves multiple input validation issues that could potentially lead to remote code execution. (CVE-2008-4813).

This update resolves an input validation issue in a JavaScript method that could potentially lead to remote code execution. (CVE-2008-2992)

This update resolves an input validation issue in a JavaScript method that could potentially lead to remote code execution. (CVE-2008-4814)

This update resolves a potential Unix-only privilege escalation issue. (CVE-2008-4815)

This update resolves a publicly-published denial of service issue. (CVE-2008-2549)


For more information: Adobe
