OSVDB ID: 49541

Title: Adobe Acrobat / Reader Download Manager AcroJS Function Heap Corruption Arbitrary Code Execution

Info

Disclosure

Nov 04, 2008

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Classification

Location: Remote / Network Access, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Private
Disclosure: Vendor Verified, Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

Adobe has released a patch to address this vulnerability. Additionally, it is possible to temporarily work around the flaw by implementing the following workaround: Disabling JavaScript in Adobe Reader or Acrobat will limit exposure to this vulnerability. When JavaScript is disabled, Adobe Reader will prompt the user that some components of the document may not function, and provide an opportunity to enable it.

Products

Unknown or Incomplete

References

CVE ID: 2008-4817 (see also: NVD)
Secunia Advisory ID: 32546 32700 32872 33460 33491 35163
Other Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=756
http://sunsolve.sun.com/search/document.do?assetkey=1-66-249366-1
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=909609
http://www.gentoo.org/security/en/glsa/glsa-200901-09.xml
Mail List Post: http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
Vendor Specific News/Changelog Entry: http://www.adobe.com/support/security/bulletins/apsb08-19.html
Vendor Specific Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0974.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/49541