Summary
This host has Adobe Reader/Acrobat installed, which is/are prone to multiple vulnerabilities.
Impact
Successful exploitation allows remote attackers to execute arbitrary code to cause a stack based overflow via a specially crafted PDF, and could also take complete control of the affected system and cause the application to crash.
Impact Level: System
Insight
The flaws are due to,
- a boundary error when parsing format strings containing a floating point specifier in the util.printf() Javascript function.
- improper parsing of type 1 fonts.
- bounds checking not being performed after allocating an area of memory.
Affected
Adobe Reader versions 8.1.2 and prior - Windows(All) Adobe Acrobat Professional versions 8.1.2 and prior - Windows(All)
Upgrade to 8.1.3 or higher versions,
http://www.adobe.com/products/
References
Severity
Classification
-
CVE CVE-2008-2549, CVE-2008-2992, CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4815, CVE-2008-4816, CVE-2008-4817 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Flash Player Multiple Vulnerabilities - Mar09 (Win)
- avast! Multiple Vulnerabilities - Oct09 (Win)
- Citrix Provisioning Services 'streamprocess.exe' Component Remote Code Execution Vulnerability
- Blazevideo HDTV Player PLF File Buffer Overflow Vulnerability
- ALLMediaServer Request Handling Stack Buffer Overflow Vulnerability