Adobe Reader: User-assisted execution of arbitrary code

Background Adobe Reader formerly Adobe Acrobat Reader is a closed-source PDF reader. Description An unspecified vulnerability can be triggered by a malformed PDF document, as demonstrated by 2008-HI2.pdf CVE-2008-2549. Peter Vreugdenhil, Dyon Balding, Will Dormann, Damian Frizza, and Greg MacManu...

Adobe util.printf() Buffer Overflow

This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional 'Adobe util.printf Buffer Overflow', 'Description' = %q This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional MSFLICENSE, 'Author' = 'MC', 'Didier Stevens ' , 'References' = 'CVE'...

CVE-2008-5364

Stack-based buffer overflow in the getPlus ActiveX control in gp.ocx 1.2.2.50 in NOS Microsystems getPlus Download Manager, as used for the Adobe Reader 8.1 installation process and other downloads, allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than...

Stack overflow

Stack-based buffer overflow in the getPlus ActiveX control in gp.ocx 1.2.2.50 in NOS Microsystems getPlus Download Manager, as used for the Adobe Reader 8.1 installation process and other downloads, allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than...

CVE-2008-5364

Stack-based buffer overflow in the getPlus ActiveX control in gp.ocx 1.2.2.50 in NOS Microsystems getPlus Download Manager, as used for the Adobe Reader 8.1 installation process and other downloads, allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than...

CVE-2008-5364

CVE-2008-5364 refers to a stack-based buffer overflow in the getPlus ActiveX control (gp.ocx 1.2.2.50) used by NOS Microsystems getPlus Download Manager, which is used during the Adobe Reader 8.1 installation process and other downloads. The overflow could allow remote code execution via unspecif...

Workaround for Adobe Reader and Acrobat util.printf Stack Buffer Overflow Vulnerability

A buffer overflow vulnerability has been reported in Adobe Reader and Acrobat. A remote attacker can exploit this vulnerability to execute arbitrary code on an affected system via a specially crafted PDF file. Portable Document Format PDF is an open file format created by Adobe Systems. It is use...

Adobe Acrobat and Reader JavaScript buffer overflow

Added: 11/13/2008 CVE: CVE-2007-5659 BID: 27641 OSVDB: 41495 Background Adobe Acrobat is software for creating PDF documents. Adobe Reader is free software for viewing PDF documents. Problem Buffer overflow vulnerabilities in several JavaScript functions allow command execution when a user loads ...

Adobe Acrobat and Reader JavaScript buffer overflow

Added: 11/13/2008 CVE: CVE-2007-5659 BID: 27641 OSVDB: 41495 Background Adobe Acrobat is software for creating PDF documents. Adobe Reader is free software for viewing PDF documents. Problem Buffer overflow vulnerabilities in several JavaScript functions allow command execution when a user loads ...

Reader: insecure RPATH flaw

Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH...

Critical: Red Hat Security Advisory: acroread security update

Updated acroread packages that fix various security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team...

Reader: arbitrary code execution via unspecified JavaScript method

Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an "input validation issue."...

Reader: PDF objects parsing and JavaScript getCosObj handling memory corruption flaw

Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow remote attackers to execute arbitrary code via a crafted PDF document that 1 performs unspecified actions on a Collab object that trigger memory corruption, related to a GetCosObj method; or 2 contains a malformed PDF object that...

security flaw

Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658...

Reader: embedded font handling out-of-bounds array indexing

Array index error in Adobe Reader and Acrobat, and the Explorer extension aka AcroRd32Info, 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts...

iDefense Security Advisory 11.04.08: Multiple Vendor NOS Microsystems getPlus Downloader Stack Buffer Overflow Vulnerability

iDefense Security Advisory 11.04.08 http://labs.idefense.com/intelligence/vulnerabilities/ Nov 04, 2008 I. BACKGROUND The getPlus Download Manager is a software management tool. It is used to download, install, and update other software through the browser. The getPlus Download Manager consists o...

NOS Microsystems getPlus ActiveX控件缓冲区溢出漏洞

CVE ID：CVE-2008-4817 NOS Microsystems getPlus是一款下载管理器控件。 NOS Microsystems getPlus控件处理安装文件时存在缓冲区溢出，远程攻击者可以利用漏洞以应用程序权限执行任意指令。 存在问题的控件为 getPlus gp.ocx 1.2.2.50，目前证实用于Adobe Reader 8.1的WEB安装使用此控件，要判断此版本控件是否安装，注册表编辑器可用于尝试浏览此注册表键值： HKEYCLASSESROOT\CLSID\CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7...

Adobe Reader util.printf() JavaScript Function Stack Overflow Exploit #2

No description provided by source. Adobe Reader Javascript Printf Buffer Overflow Exploit =========================================================== Reference: http://www.coresecurity.com/content/adobe-reader-buffer-overflow CVE-2008-2992 Thanks to coresecurity for the technical background...

Adobe Reader util.printf() JavaScript Function Stack Overflow Exploit

No description provided by source. Adobe Reader 'util.printf' JavaScript Function Stack Buffer Overflow Exploit author: Elazar http://sebug.net/paper/poc/2008-APSB08-19.pdf...

adobe-printf.txt

Adobe Reader Javascript Printf Buffer Overflow Exploit =========================================================== Reference: http://www.coresecurity.com/content/adobe-reader-buffer-overflow CVE-2008-2992 Thanks to coresecurity for the technical background. 6Nov,2008: Exploit released by me...