A remote overflow exists in Adobe Reader and Adobe Acrobat. The document reader fails to properly bounds check input to the util.printf() javascript function resulting in a stack-based overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Upgrade to version 8.1.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• CVE ID: 2008-2992 (see also: NVD)
• Secunia Advisory ID: 29773 32700 32872 33460 33491 35163
• Bugtraq ID: 30035 32091
• Metasploit ID: 49520
• Milw0rm: 6994 7006
• Exploit Database: 6994 7006
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2008-11/0018.html
  http://archives.neohapsis.com/archives/bugtraq/2008-11/0019.html
  http://archives.neohapsis.com/archives/fulldisclosure/2008-11/0091.html
  http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
• Other Advisory URL: http://blog.fortinet.com/inside-gumblar-looking-for-the-trigger/
  http://secunia.com/secunia_research/2008-14/
  http://sunsolve.sun.com/search/document.do?assetkey=1-66-249366-1
  http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=909609
  http://www.coresecurity.com/content/adobe-reader-buffer-overflow
  http://www.gentoo.org/security/en/glsa/glsa-200901-09.xml
• Generic Exploit URL: http://hackingspirits.com/vuln-rnd/vuln-rnd.html
  http://immunitysec.com
  http://www.saintcorporation.com/cgi-bin/exploit_info/adobe_util_printf
• News Article: http://www.net-security.org/secworld.php?id=6715
• Vendor Specific Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0974.html

• Dyon Balding - Secunia Research
• Peter Vreugdenhil - Zero Day Initiative (ZDI)