The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback function.
| Version | Base score | Base severity | Vector |
|---|
| Hyperlink | Resource Type |
|---|
The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback function.
| Type | CWE ID | Description |
|---|---|---|
| text | N/A | n/a |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://securityreason.com/securityalert/3861 | third-party-advisory x_refsource_SREASON |
| http://www.adobe.com/support/security/bulletins/apsb08-13.html | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2008/1966/references | vdb-entry x_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/491735/100/0/threaded | mailing-list x_refsource_BUGTRAQ |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1 | vendor-advisory x_refsource_SUNALERT |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42237 | vdb-entry x_refsource_XF |
| http://secunia.com/advisories/30840 | third-party-advisory x_refsource_SECUNIA |
| http://securitytracker.com/id?1019971 | vdb-entry x_refsource_SECTRACK |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://securityreason.com/securityalert/3861 | third-party-advisory x_refsource_SREASON x_transferred |
| http://www.adobe.com/support/security/bulletins/apsb08-13.html | x_refsource_CONFIRM x_transferred |
| http://www.vupen.com/english/advisories/2008/1966/references | vdb-entry x_refsource_VUPEN x_transferred |
| http://www.securityfocus.com/archive/1/491735/100/0/threaded | mailing-list x_refsource_BUGTRAQ x_transferred |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1 | vendor-advisory x_refsource_SUNALERT x_transferred |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42237 | vdb-entry x_refsource_XF x_transferred |
| http://secunia.com/advisories/30840 | third-party-advisory x_refsource_SECUNIA x_transferred |
| http://securitytracker.com/id?1019971 | vdb-entry x_refsource_SECTRACK x_transferred |
The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback function.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| Hyperlink | Source | Resource |
|---|---|---|
| http://secunia.com/advisories/30840 | cve@mitre.org | Vendor Advisory |
| http://securityreason.com/securityalert/3861 | cve@mitre.org | N/A |
| http://securitytracker.com/id?1019971 | cve@mitre.org | N/A |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1 | cve@mitre.org | N/A |
| http://www.adobe.com/support/security/bulletins/apsb08-13.html | cve@mitre.org | Vendor Advisory |
| http://www.securityfocus.com/archive/1/491735/100/0/threaded | cve@mitre.org | N/A |
| http://www.vupen.com/english/advisories/2008/1966/references | cve@mitre.org | N/A |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42237 | cve@mitre.org | N/A |