Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4817

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-4817
Last Modified 05 Nov 2012 11:10:43
Published 05 Nov 2008 10:00:14
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4817

Summary

The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption.

Vulnerable Systems

Application

  • Adobe Acrobat 8.1.1

  • Adobe Acrobat 8.1.2

  • Adobe Reader 8.1.2


References

CERT - TA08-309A

CONFIRM - http://www.adobe.com/support/security/bulletins/apsb08-19.html

VUPEN - ADV-2009-0098

VUPEN - ADV-2008-3001

REDHAT - RHSA-2008:0974

SECUNIA - 32872

SECUNIA - 32700

OSVDB - 49541

SUSE - SUSE-SR:2008:026

IDEFENSE - 20081104 Adobe Acrobat Professional And Reader AcroJS Heap Corruption Vulnerability

SECTRACK - 1021140

SUNALERT - 249366

Related Patches

Adobe Acrobat 8.1.3 Update for Mac

Adobe Reader 8.1.3 Update for Macintosh (PPC)

Adobe Reader 8.1.3 Update for Windows (Rev 2)


Last Updated: 27 May 2016 10:49:44