Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4812

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-4812
Last Modified 05 Nov 2012 11:10:41
Published 05 Nov 2008 10:00:14
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4812

Summary

Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts.

Vulnerable Systems

Application

  • Adobe Acrobat 8.1.1

  • Adobe Acrobat 8.1.2

  • Adobe Reader 8.1.2


References

CERT - TA08-309A

CONFIRM - http://www.adobe.com/support/security/bulletins/apsb08-19.html

XF - adobe-acrobatreader-type1font-code-execution(46332)

VUPEN - ADV-2009-0098

VUPEN - ADV-2008-3001

BID - 32100

REDHAT - RHSA-2008:0974

CONFIRM - http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=909609

CONFIRM - http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801

SECUNIA - 35163

SECUNIA - 32872

SECUNIA - 32700

SUSE - SUSE-SR:2008:026

IDEFENSE - 20081104 Adobe Reader Embedded Font Handling Out of Bounds Array Indexing Vulnerability

SECTRACK - 1021140

SUNALERT - 249366

Related Patches

Adobe Acrobat 8.1.3 Update for Mac

Adobe Reader 8.1.3 Update for Macintosh (PPC)

Adobe Reader 8.1.3 Update for Windows (Rev 2)


Last Updated: 27 May 2016 10:49:44