Other Sites
Vulnerability identifier: APSB08-19
CVE number: CVE-2008-2992, CVE-2008-2549, CVE-2008-4812, CVE-2008-4813, CVE-2008-4817, CVE-2008-4816, CVE-2008-4814, CVE-2008-4815
Platform: All Platforms
Summary
Critical vulnerabilities have been identified in Adobe Reader and Acrobat 8.1.2 and earlier versions. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system.
Adobe Reader 9 and Acrobat 9 are not vulnerable to these issues. Adobe recommends users of Acrobat 8 and Adobe Reader 8 who can't update to Adobe Reader 9 install the 8.1.3 update to protect themselves from potential vulnerabilities.
Affected software versions
Adobe Reader 8.1.2 and earlier versions
Adobe Acrobat Professional, 3D and Standard 8.1.2 and earlier versions
Solution
Adobe Reader
Adobe recommends Adobe Reader users update to Adobe Reader 9, available here:
http://www.adobe.com/go/getreader
Users with Adobe Reader 8.0 through 8.1.2, who can't update to Adobe Reader 9, should update to Adobe Reader 8.1.3:
http://www.adobe.com/go/getreader
Acrobat 8
Adobe recommends Acrobat 8 users on Windows update to Acrobat 8.1.3, available here:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
Adobe recommends Acrobat 8 users on Macintosh update to Acrobat 8.1.3, available here:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh
Adobe recommends Acrobat 3D Version 8 users on Windows update to Acrobat 3D Version 8.1.3, available here:
http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows
Severity rating
Adobe categorizes this as a critical issue and recommends that users apply the update for their product installations.
Details
Critical vulnerabilities have been identified in Adobe Reader and Acrobat 8.1.2 and earlier versions. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system.
Adobe recommends users of Acrobat and Adobe Reader update their product installations using the instructions above to protect themselves from potential vulnerabilities.
This update resolves multiple input validation errors that could potentially lead to code execution. (CVE-2008-4812)
This update resolves multiple input validation issues that could potentially lead to remote code execution. (CVE-2008-4813)
This update resolves an input validation issue in a JavaScript method that could potentially lead to remote code execution. (CVE-2008-2992)
An input validation issue in the Download Manager used by Adobe Reader that could potentially lead to remote code execution during the download process has been resolved. (CVE-2008-4817)
A Windows-only issue in the Download Manager used by Adobe Reader that could lead to a user's Internet Security options being changed during the download process has been resolved. (CVE-2008-4816)
This update resolves an input validation issue in a JavaScript method that could potentially lead to remote code execution. (CVE-2008-4814)
This update resolves a potential Unix-only privilege escalation issue (CVE-2008-4815)
This update resolves a publicly-published denial of service issue. (CVE-2008-2549)
http://www.adobe.com/support/security/bulletins/apsb08-19.html
Tags: Software Updates ď Software News ď Security ď
