[STEAM-ADVISORY] STEAM-ADVISORY NO. 2008062701: Adobe Reader/Acrobat Vulnerability

Security Team threat advisory notification list. steam-advisory at lists.purdue.edu
Tue Jul 1 07:01:46 EDT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Adobe Reader/Acrobat Vulnerability

STEAM-ADVISORY NO. 2008062701
PURDUE UNIVERSITY SECURITY TEAM CIRT
27 June 11:14:00 EST 2008

==OVERVIEW==

Adobe has reported a critical vulnerability in Acrobat and Reader. The
vulnerability could allow a malicious user to crash an affected machine
and gain full access to it. Most versions are affected.

==SYSTEMS AFFECTED==

~Adobe Acrobat 3D
~Adobe Acrobat 7.0.9 and earlier
~Adobe Acrobat 7 Professional
~Adobe Acrobat 8.x
~Adobe Acrobat 8 Professional
~Adobe Reader 7.0.9 and earlier
~Adobe Reader 8.x

==DETAILS==

A vulnerability has been discovered in Adobe Reader and Acrobat, which
could allow a malicious user to gain access to an affected machine. The
exploit is carried out with a specially crafted PDF file that passes
input to an unspecified JavaScript method, which fails to perform proper
input validation.

NOTE: There have been reports of this exploit being carried out in the
wild. STEAM-CIRT recommends that system administrators and users patch
their systems immediately.

(See resources section for full details of the vulnerability.)

==SOLUTIONS==

Fixes for the vulnerability include:

~Adobe Acrobat/Reader 7 update to Acrobat/Reader 7.1.0
~Adobe Acrobat/Reader 8 update to Acrobat/Reader 8.1.2 Security Update 1

(See Adobe Advisory link in the resources section for the patch locations.)

==FURTHER INFORMATION AND RESOURCES==

Adobe Security Advisory
http://www.adobe.com/support/security/bulletins/apsb08-15.html

Secunia Advisory
http://secunia.com/advisories/30832/

Adobe Reader 8 for Windows
http://www.adobe.com/support/downloads/detail.jsp?ftpID=3967

Adobe Reader 8 for Mac
http://www.adobe.com/support/downloads/detail.jsp?ftpID=3966

Acrobat 8 for Windows
http://www.adobe.com/support/downloads/detail.jsp?ftpID=3976

Acrobat 8 for Mac
http://www.adobe.com/support/downloads/detail.jsp?ftpID=3977

Acrobat 3D Version 8 for Windows
http://www.adobe.com/support/downloads/detail.jsp?ftpID=3975

Adobe Reader 7.0 – 7.0.9
http://www.adobe.com/go/getreader

Acrobat 7 for Windows
http://www.adobe.com/support/download...ct.jsp?product=1&platform=Windows

Acrobat 7 for Mac
http://www.adobe.com/support/download....jsp?product=1&platform=Macintosh

CVE-2008-2641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2641

==STEAM-CIRT CONTACT INFORMATION==

For questions concerning this advisory, please send email to:
  itap-securityhelp at purdue.edu.

Report computer-related abuse to steam-cirt:
  http://www.purdue.edu/securePurdue/incidentReportForm.cfm

http://www.purdue.edu/securepurdue/steam
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIag2gPROieKcG94wRAlGtAJ4vBj/j5XAYDwddpzqoqf6NNmNGlwCcCav3
cjPyi80bDWjV98myxNcjx3o=
=hZSi
-----END PGP SIGNATURE-----

