SAINT Corporation
SAINT:781A24DCD2B05F055412FFEADEA4EDCC
Nov 10, 2008 - 12:00 a.m.

Adobe Acrobat util.printf JavaScript function buffer overflow

download.saintcorporation.com

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.972 High
Percentile: 99.8%

Added: 11/10/2008
CVE: CVE-2008-2992
BID: 30035
OSVDB: 49520

Background

Adobe Acrobat is software for creating PDF documents.

Problem

A buffer overflow vulnerability allows command execution when a user opens a PDF file that calls the **util.printf** JavaScript function with a specially crafted format string argument.

Resolution

Upgrade to Adobe Acrobat 8.1.3 or higher.

References

<http://www.adobe.com/support/security/bulletins/apsb08-19.html>
<http://www.zerodayinitiative.com/advisories/ZDI-08-072/>

Limitations

The exploit works on Adobe Acrobat 8.0 through 8.1.2 and requires a user to open the exploit file in Adobe Acrobat.

This exploit requires the Compress-Zlib Perl module. This module is available from cpan.org.

Platforms

Windows
