Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4813

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-4813
Last Modified 05 Nov 2012 11:10:42
Published 05 Nov 2008 10:00:14
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4813

Summary

Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow remote attackers to execute arbitrary code via a crafted PDF document that (1) performs unspecified actions on a Collab object that trigger memory corruption, related to a GetCosObj method; or (2) contains a malformed PDF object that triggers memory corruption during parsing.

Vulnerable Systems

Application

  • Adobe Acrobat 8.1.1

  • Adobe Acrobat 8.1.2

  • Adobe Reader 8.1.2


References

CERT - TA08-309A

CONFIRM - http://www.adobe.com/support/security/bulletins/apsb08-19.html

XF - adobe-acrobatreader-collab-code-execution(46344)

XF - adobe-acrobatreader-object-code-execution(46333)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-08-074/

MISC - http://www.zerodayinitiative.com/advisories/ZDI-08-073/

VUPEN - ADV-2009-0098

VUPEN - ADV-2008-3001

BID - 32100

BUGTRAQ - 20081104 ZDI-08-074: Adobe Acrobat PDF Javascript getCosObj Memory Corruption Vulnerability

BUGTRAQ - 20081104 ZDI-08-073: Adobe Acrobat Reader Malformed PDF Code Execution Vulnerability

REDHAT - RHSA-2008:0974

CONFIRM - http://www.adobe.com/support/security/bulletins/apsb09-04.html

CONFIRM - http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801

SREASON - 4564

SECUNIA - 32872

SECUNIA - 32700

SUSE - SUSE-SR:2008:026

SECTRACK - 1021140

SUNALERT - 249366

Related Patches

Adobe Acrobat 8.1.3 Update for Mac

Adobe Reader 8.1.3 Update for Macintosh (PPC)

Adobe Reader 8.1.3 Update for Windows (Rev 2)


Last Updated: 27 May 2016 10:49:44