1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content




Adobe Acrobat/Reader "util.printf()" Buffer Overflow

Report ID: SA29773
Source: Secunia
Date of Discovery: 04.11.2008
Criticality: Urgent
Affects:
Adobe Acrobat 3D 8.x
Adobe Acrobat 8 Professional
Adobe Acrobat 8.x
Adobe Reader 8.x 

Compromise From: From remote
Compromise Type: System access

Summary

A vulnerability in Adobe Reader/Acrobat, which can be exploited by malicious people to compromise a user's system.

Detailed Description

Multiple vulnerabilities have been reported in Adobe Reader/Acrobat, which can be exploited by malicious, local users to gain escalated privileges or by malicious people to compromise a user's system.

1) A boundary error exists when parsing format strings containing a floating point specifier in the "util.printf()" Javascript function. This can be exploited to cause a stack-based buffer overflow via a specially crafted PDF and allows execution of arbitrary code.

2) An out-of-bounds array indexing error when parsing embedded Type 1 fonts can be exploited to corrupt memory and may allow execution of arbitrary code.

3) An error in an AcroJS function used to perform HTTP authentication can be exploited to corrupt memory via an overly long string passed to the function. This may allow execution of arbitrary code.

4) An error when creating a Collab object and performing a specific sequence of actions on it can be exploited to corrupt memory. This may allow execution of arbitrary code.

5) An unspecified error when parsing malformed PDF objects can be exploited to corrupt memory, which may allow execution of arbitrary code.

6) An input validation error in the Download Manager used by Adobe Reader may allow code execution during the download process.

The vulnerability is related to SA32546

7) An error in the Download Manager used by Adobe Reader may result in a user’s Internet Security options being changed during the download process.

8) An input validation error in a JavaScript method may allow code execution.

9) An unspecified privilege escalation vulnerability exists in the version for UNIX/Linux.

The vulnerabilities are reported in version 8.1.2 and prior.

Solution

Upgrade to version 9 or update to version 8.1.3

Original Reference

-

CVE Reference

CVE-2008-2992