Vulnerabilities have been discovered in Adobe Acrobat Professional, 3D and Standard 8.1.2 and earlier versions and also Adobe Reader 8.1.2 and earlier versions.
From Core Security Technologies:
Adobe Reader suffers from a stack buffer overflow when parsing specially crafted (invalid) PDF files. The vulnerability is caused due to a boundary error when parsing format strings containing a floating point specifier in the "util.printf()" JavaScript function. Successful exploitation of the vulnerability requires that users open a maliciously crafted PDF file thereby allowing attackers to gain access to vulnerable systems and assume the privileges of a user running Acrobat Reader. Adobe Reader version 9, which was released in June 2008, is not vulnerable to the reported problem.
Adobe has issued patches for the affected versions but as a best-practice it is advisable to get the most recent version. Please note that Adobe Reader version 9 is not vulnerable to the exploit.
To check which version you are using, open up your Adobe application and click on Help then About.
If you have an affected version visit the Adobe link below to locate your version and then follow that link.
Source: Core Security Technologies - Adobe Reader Javascript Printf Buffer Overflow Adobe - Security Update available for Adobe Reader 8 and Acrobat 8
0 comments:
Post a Comment