Issues the date: 2008-11-04
Renewal date: 2008-11-05
Is affected the system:
Adobe Acrobat < 8.1.3
Adobe Reader < 8.1.3
Not affected system:
Adobe Acrobat 8.1.3
Adobe Reader 9
Adobe Reader 8.1.3
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 32100
CVE(CAN) ID: CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4815
Adobe Acrobat and Reader are very popular PDF document reading and the editor.
In Adobe Acrobat and Reader is responsible to analyze the Type 1 typeface the code existence to cross the border the array index crack. After assigning the memory area, has not carried out the boundary detection, afterward visits this memory possibly to cause to revise the random memory.
When in processes JavaScript which in the PDF documents contains, if founded the Collab object and has carried out specific sequence operation, triggers the memory destruction on the possibility.
In the abnormal PDF object which when in the analysis document defines possibly will trigger the small scale the memory destruction, will cause to carry out the random order by the current user's jurisdiction.
<* origin: Greg MacManus
Peter Vregdenhil
Thomas Garnier
Link: http://www.adobe.com/support/security/bulletins/apsb08-19.html
http://marc.info/?l=bugtraq&m=122583497331398&w=2
http://marc.info/?l=bugtraq&m=122583455230688&w=2
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=755
http://www.us-cert.gov/cas/techalerts/TA08-309A.html
*>
Suggested:
--------------------------------------------------------------------------------
Temporary solution:
* forbids the web browser to demonstrate or to open the PDF documents automatically.
* is forbid JavaScript in Adobe Reader and Acrobat.
Manufacturer patch:
Adobe
-----
At present the manufacturer had already issued the promotion patch repairs this security problem, welcome to manufacturer main page downloading:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh
http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows
|