
Adobe Acrobat and Reader Vulnerability affects Windows and Macs

Adobe Reader/Acrobat Vulnerability

STEAM-ADVISORY NO. 2008062701
PURDUE UNIVERSITY SECURITY TEAM CIRT
27 June 11:14:00 EST 2008
 
==OVERVIEW==

Adobe has reported a critical vulnerability in Acrobat and Reader. The vulnerability could allow a malicious user to crash an affected machine and gain full access to it. Most versions are affected.

==SYSTEMS AFFECTED==

~Adobe Acrobat 3D
~Adobe Acrobat 7.0.9 and earlier
~Adobe Acrobat 7 Professional
~Adobe Acrobat 8.x
~Adobe Acrobat 8 Professional
~Adobe Reader 7.0.9 and earlier
~Adobe Reader 8.x

==DETAILS==

A vulnerability has been discovered in Adobe Reader and Acrobat, which could allow a malicious user to gain access to an affected machine. The vulnerability can be exploited with a specially crafted PDF file, which supplies input to an unspecified JavaScript method that fails to perform proper input validation.
NOTE: There have been reports of this exploit being carried out in the wild. STEAM-CIRT recommends that system administrators and users patch their systems immediately.
 
(See resources section for full details of the vulnerability.)
 
==SOLUTIONS==
 
Fixes for the vulnerability include:
 
~Adobe Acrobat/Reader 7: update to Acrobat/Reader 7.1.0
~Adobe Acrobat/Reader 8: update to Acrobat/Reader 8.1.2 Security Update 1
 
(See Adobe Advisory link in the resources section for the patch locations.)
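
As an added example (not part of the original advisory and not Adobe or STEAM-CIRT tooling), the Python code below triages a software inventory against the affected and fixed versions listed above. The inventory rows, function names and status strings are constructed for illustration; it assumes that releases at or above the fixed versions carry the fix and that a bare 8.1.2 version string does not prove Security Update 1 is installed.

```python
import re

# Fixed releases named in the SOLUTIONS section, keyed by major version.
FIXED = {7: ((7, 1, 0), "7.1.0"), 8: ((8, 1, 2), "8.1.2 Security Update 1")}
PRODUCTS = ("adobe reader", "adobe acrobat")  # prefix also matches 3D / Professional

def parse_version(text):
    """Return (major, minor, patch) from '8.1.2' or '7.0.9.50'; None if unparseable."""
    m = re.fullmatch(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:\.\d+)*\s*", text)
    return tuple(int(p or 0) for p in m.groups()) if m else None

def triage(product, version):
    """Classify one inventory row against the advisory's version lists."""
    if not product.strip().lower().startswith(PRODUCTS):
        return "not-applicable"
    v = parse_version(version)
    if v is None:
        return "review: unparseable version"
    if v[0] not in FIXED:
        return "review: major version not listed in advisory"
    fixed, label = FIXED[v[0]]
    if v < fixed:
        return f"vulnerable: update to {label}"
    if v == (8, 1, 2):
        # Assumption: the version string alone does not show whether
        # Security Update 1 has been applied on top of 8.1.2.
        return "verify: confirm Security Update 1 is installed"
    # Assumption: releases at or above the fixed version carry the fix.
    return "ok: at or above fixed release"

# Constructed sample inventory (host, product, version); not real data.
INVENTORY = [
    ("lab-01", "Adobe Reader", "7.0.9"),
    ("lab-02", "Adobe Acrobat 8 Professional", "8.1.2"),
    ("lab-03", "Adobe Acrobat 3D", "8.1.0"),
    ("lab-04", "Adobe Reader", "7.1.0"),
    ("lab-05", "Example PDF Viewer", "2.3"),
]

def report(rows):
    """Map each host to its triage status."""
    return {host: triage(product, version) for host, product, version in rows}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:8} {status}")
```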
 
==FURTHER INFORMATION AND RESOURCES==

Adobe Security Advisory
http://www.adobe.com/support/security/bulletins/apsb08-15.html
 
Secunia Advisory
http://secunia.com/advisories/30832/
 
Adobe Reader 8 for Windows
http://www.adobe.com/support/downloads/detail.jsp?ftpID=3967
 
Adobe Reader 8 for Mac
http://www.adobe.com/support/downloads/detail.jsp?ftpID=3966
 
Acrobat 8 for Windows
http://www.adobe.com/support/downloads/detail.jsp?ftpID=3976
 
Acrobat 8 for Mac
http://www.adobe.com/support/downloads/detail.jsp?ftpID=3977
 
Acrobat 3D Version 8 for Windows
http://www.adobe.com/support/downloads/detail.jsp?ftpID=3975
 
Adobe Reader 7.0 – 7.0.9
http://www.adobe.com/go/getreader
 
Acrobat 7 for Windows
http://www.adobe.com/support/download...ct.jsp?product=1&platform=Windows
 
Acrobat 7 for Mac
http://www.adobe.com/support/download....jsp?product=1&platform=Macintosh
 
CVE-2008-2641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2641

==STEAM-CIRT CONTACT INFORMATION==

For questions concerning this advisory, please send email to:
  itap-securityhelp@purdue.edu.

Report computer-related abuse to steam-cirt:
  http://www.purdue.edu/securePurdue/incidentReportForm.cfm

http://www.purdue.edu/securepurdue/steam

Posted by Douglas Couch on June 30, 2008, in Advisory Alerts.