Summary
This host has Adobe Reader/Acrobat installed, which is prone to multiple vulnerabilities.
Impact
Successful exploitation allows remote attackers to cause a stack-based overflow via a specially crafted PDF and execute arbitrary code. Attackers could also take complete control of the affected system or cause the application to crash.
Impact Level: System
Insight
The flaws are due to:
- a boundary error when parsing format strings containing a floating-point specifier in the util.printf() JavaScript function.
- improper parsing of type 1 fonts.
- bounds checking not being performed after allocating an area of memory.
Affected
- Adobe Reader versions 8.1.2 and prior on Windows (All)
- Adobe Acrobat Professional versions 8.1.2 and prior on Windows (All)
Upgrade to version 8.1.3 or higher:
http://www.adobe.com/products/
References
Severity
Classification
- CVE: CVE-2008-2549, CVE-2008-2992, CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4815, CVE-2008-4816, CVE-2008-4817
- CVSS Base Score: 9.3
- CVSS Base Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- CA Internet Security Suite Plus 'KmxSbx.sys' Buffer Overflow Vulnerability
- Adobe Reader Multiple BOF Vulnerabilities - Jun09 (Linux)
- Adobe Flash Professional JPG Object Processing BOF Vulnerability (Windows)
- Adobe Shockwave Player 3D Model Buffer Overflow Vulnerabilities
- Buffer Overflow Vulnerability in Adobe Reader (Linux)