Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption.

The version of Adobe Acrobat installed on the remote host is earlier than 8.1.2 or 7.1.0.  Such versions are reportedly affected by multiple vulnerabilities :

  - A design error vulnerability may allow an attacker to     gain control of a user's printer.

  - Multiple stack-based buffer overflows may allow an     attacker to execute arbitrary code subject to the     user's privileges.

  - Insecure loading of 'Security Provider' libraries may     allow for arbitrary code execution.

  - An insecure method exposed by the JavaScript library     in the 'EScript.api' plug-in allows direct control     over low-level features of the object, which allows     for execution of arbitrary code as the current user.

  - Two vulnerabilities in the unpublicized function     'app.checkForUpdate()' exploited through a callback     function could lead to arbitrary code execution in     Adobe Acrobat 7.

Updated acroread packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

The Adobe Reader allows users to view and print documents in portable document format (PDF).

Several flaws were found in the way Adobe Reader processed malformed PDF files. An attacker could create a malicious PDF file which could execute arbitrary code if opened by a victim. (CVE-2007-5659, CVE-2007-5663, CVE-2007-5666, CVE-2008-0726)

A flaw was found in the way the Adobe Reader browser plug-in honored certain requests. A malicious PDF file could cause the browser to request an unauthorized URL, allowing for a cross-site request forgery attack. (CVE-2007-0044)

A flaw was found in Adobe Reader's JavaScript API DOC.print function.
A malicious PDF file could silently trigger non-interactive printing of the document, causing multiple copies to be printed without the users consent. (CVE-2008-0667)

Additionally, this update fixes multiple unknown flaws in Adobe Reader. When the information regarding these flaws is made public by Adobe, it will be added to this advisory. (CVE-2008-0655)

Note: Adobe have yet to release security fixed versions of Adobe 7.
All users of Adobe Reader are, therefore, advised to install these updated packages. They contain Adobe Reader version 8.1.2, which is not vulnerable to these issues.

The remote host is affected by the vulnerability described in GLSA-200803-01 (Adobe Acrobat Reader: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Adobe Acrobat Reader,     including:
    A file disclosure when using file:// in PDF documents     (CVE-2007-1199)     Multiple buffer overflows in unspecified JavaScript methods     (CVE-2007-5659)     An unspecified vulnerability in the Escript.api plugin     (CVE-2007-5663)     An untrusted search path (CVE-2007-5666)     Incorrect handling of printers (CVE-2008-0667)     An integer overflow when passing incorrect arguments to     'printSepsWithParams' (CVE-2008-0726)     Other unspecified vulnerabilities have also been reported     (CVE-2008-0655).
  Impact :

    A remote attacker could entice a user to open a specially crafted     document, possibly resulting in the remote execution of arbitrary code     with the privileges of the user running the application. A remote     attacker could also perform cross-site request forgery attacks, or     cause a Denial of Service.
  Workaround :

    There is no known workaround at this time.

This version update to 8.1.2 fixes numerous bugs, including some security problems. (CVE-2008-0667 / CVE-2008-0655 / CVE-2008-0726)

The version of Adobe Reader installed on the remote host is earlier than 8.1.2 or 7.1.0. Such versions are reportedly affected by multiple vulnerabilities :

  - A design error vulnerability may allow an attacker to     gain control of a user's printer.

  - Multiple stack-based buffer overflows may allow an     attacker to execute arbitrary code subject to the     user's privileges.

  - Insecure loading of 'Security Provider' libraries may     allow for arbitrary code execution.

  - An insecure method exposed by the JavaScript library     in the 'EScript.api' plug-in allows direct control     over low-level features of the object, which allows     for execution of arbitrary code as the current user.

  - Two vulnerabilities in the unpublicized function     'app.checkForUpdate()' exploited through a callback     function could lead to arbitrary code execution in     Adobe Reader 7.

ID	Name	Product	Family	Severity
40800	Adobe Acrobat < 8.1.2 / 7.1.0 Multiple Vulnerabilities	Nessus	Windows	high
40715	RHEL 3 / 4 / 5 : acroread (RHSA-2008:0144)	Nessus	Red Hat Local Security Checks	high
31328	GLSA-200803-01 : Adobe Acrobat Reader: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
31126	SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 5010)	Nessus	SuSE Local Security Checks	high
30200	Adobe Reader < 7.1.0 / 8.1.2 Multiple Vulnerabilities	Nessus	Windows	high

Detections

Analytics

CVE-2008-0726

high

Tenable Plugins

high

high

high

high

high