Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 9.3
CVE Id: CVE-2008-2042
Last Modified: 07 Mar 2011 10:08:37
Published: 07 May 2008 08:20:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-2042

Summary

The JavaScript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback function.

Vulnerable Systems

Application

  • Adobe Acrobat 3.0

  • Adobe Acrobat 3.1

  • Adobe Acrobat 4.0

  • Adobe Acrobat 4.0.5

  • Adobe Acrobat 4.0.5a

  • Adobe Acrobat 4.0.5c

  • Adobe Acrobat 5.0

  • Adobe Acrobat 5.0.10

  • Adobe Acrobat 5.0.5

  • Adobe Acrobat 5.0.6

  • Adobe Acrobat 6.0

  • Adobe Acrobat 6.0.1

  • Adobe Acrobat 6.0.2

  • Adobe Acrobat 6.0.3

  • Adobe Acrobat 6.0.4

  • Adobe Acrobat 6.0.5

  • Adobe Acrobat 6.0.6

  • Adobe Acrobat 7.0

  • Adobe Acrobat 7.0.1

  • Adobe Acrobat 7.0.2

  • Adobe Acrobat 7.0.3

  • Adobe Acrobat 7.0.4

  • Adobe Acrobat 7.0.5

  • Adobe Acrobat 7.0.6

  • Adobe Acrobat 7.0.7

  • Adobe Acrobat 7.0.8

  • Adobe Acrobat 7.0.9

  • Adobe Acrobat 7.1.0

  • Adobe Acrobat 7.1.1

  • Adobe Acrobat 7.1.2

  • Adobe Acrobat 7.1.3

  • Adobe Acrobat 7.1.4

  • Adobe Acrobat 8.0.0

  • Adobe Acrobat 8.1

  • Adobe Acrobat 8.1.1

  • Adobe Acrobat Reader 3.0

  • Adobe Acrobat Reader 3.01

  • Adobe Acrobat Reader 3.02

  • Adobe Acrobat Reader 4.0

  • Adobe Acrobat Reader 4.0.5

  • Adobe Acrobat Reader 4.0.5a

  • Adobe Acrobat Reader 4.0.5c

  • Adobe Acrobat Reader 4.5

  • Adobe Acrobat Reader 5.0

  • Adobe Acrobat Reader 5.0.10

  • Adobe Acrobat Reader 5.0.11

  • Adobe Acrobat Reader 5.0.5

  • Adobe Acrobat Reader 5.0.6

  • Adobe Acrobat Reader 5.0.7

  • Adobe Acrobat Reader 5.0.9

  • Adobe Acrobat Reader 5.1

  • Adobe Acrobat Reader 6.0

  • Adobe Acrobat Reader 6.0.1

  • Adobe Acrobat Reader 6.0.2

  • Adobe Acrobat Reader 6.0.3

  • Adobe Acrobat Reader 6.0.4

  • Adobe Acrobat Reader 6.0.5

  • Adobe Acrobat Reader 6.0.6

  • Adobe Acrobat Reader 7.0

  • Adobe Acrobat Reader 7.0.1

  • Adobe Acrobat Reader 7.0.2

  • Adobe Acrobat Reader 7.0.3

  • Adobe Acrobat Reader 7.0.4

  • Adobe Acrobat Reader 7.0.5

  • Adobe Acrobat Reader 7.0.6

  • Adobe Acrobat Reader 7.0.7

  • Adobe Acrobat Reader 7.0.8

  • Adobe Acrobat Reader 7.0.9

  • Adobe Acrobat Reader 7.1.0

  • Adobe Acrobat Reader 7.1.1

  • Adobe Acrobat Reader 7.1.2

  • Adobe Acrobat Reader 7.1.3

  • Adobe Acrobat Reader 7.1.4

  • Adobe Acrobat Reader 8.0

  • Adobe Acrobat Reader 8.1

  • Adobe Acrobat Reader 8.1.1


References

XF - adobe-appcheckforupdate-code-execution(42237)

VUPEN - ADV-2008-1966

BUGTRAQ - 20080507 Adobe Acrobat Professional Javascript For PDF Security Feature Bypass and Memory Corruption Vulnerabilities

CONFIRM - http://www.adobe.com/support/security/bulletins/apsb08-13.html

SUNALERT - 239286

SECTRACK - 1019971

SREASON - 3861

SECUNIA - 30840

Related Patches

Adobe Acrobat 7.1.0 Update for Mac

Adobe Reader 8.1.2 Update for Macintosh (PPC) (Rev 2)

Adobe Reader 8.1.2 Update (See Note) (Rev 6)


Last Updated: 27 May 2016 10:47:44