RedHatRHSA-2008:0974(RHSA-2008:0974) Critical: acroread security update
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%
Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).
Several input validation flaws were discovered in Adobe Reader. A malicious
PDF file could cause Adobe Reader to crash or, potentially, execute
arbitrary code as the user running Adobe Reader. (CVE-2008-2549,
CVE-2008-2992, CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4817)
The Adobe Reader binary had an insecure relative RPATH (runtime library
search path) set in the ELF (Executable and Linking Format) header. A local
attacker able to convince another user to run Adobe Reader in an
attacker-controlled directory could run arbitrary code with the privileges
of the victim. (CVE-2008-4815)
All acroread users are advised to upgrade to these updated packages, that
contain Adobe Reader version 8.1.3, and are not vulnerable to these issues.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 5 | i386 | acroread-plugin | < 8.1.3-1.el5 | acroread-plugin-8.1.3-1.el5.i386.rpm |
| RedHat | 5 | i386 | acroread | < 8.1.3-1.el5 | acroread-8.1.3-1.el5.i386.rpm |
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%