---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: Adobe Reader/Acrobat JavaScript Method Handling Vulnerability SECUNIA ADVISORY ID: SA30832 VERIFY ADVISORY: http://secunia.com/advisories/30832/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: >From remote SOFTWARE: Adobe Acrobat 8 Professional http://secunia.com/product/13785/ Adobe Acrobat 8.x http://secunia.com/product/12256/ Adobe Acrobat 7.x http://secunia.com/product/4594/ Adobe Acrobat 7 Professional http://secunia.com/product/13786/ Adobe Acrobat 3D http://secunia.com/product/13149/ Adobe Reader 7.x http://secunia.com/product/4546/ Adobe Reader 8.x http://secunia.com/product/12829/ DESCRIPTION: A vulnerability has been reported in Adobe Reader/Acrobat, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the implementation of an unspecified JavaScript method and can be exploited to cause a crash or potentially execute arbitrary code via a specially crafted PDF file. NOTE: The vulnerability is reportedly being exploited in the wild. The vulnerability is reported in the following products and versions: * Adobe Reader versions 8.0 through 8.1.2 * Adobe Reader versions 7.0.9 and earlier * Adobe Acrobat Professional, 3D and Standard versions 8.0 through 8.1.2 * Adobe Acrobat Professional, 3D and Standard versions 7.0.9 and earlier SOLUTION: Adobe Reader 8 for Windows: Update to Adobe Reader 8.1.2 Security Update 1. http://www.adobe.com/support/downloads/detail.jsp?ftpID=3967 Adobe Reader 8 for Macintosh: Update to Adobe Reader 8.1.2 Security Update 1. http://www.adobe.com/support/downloads/detail.jsp?ftpID=3966 Acrobat 8 for Windows: Update to Acrobat 8.1.2 Security Update 1. http://www.adobe.com/support/downloads/detail.jsp?ftpID=3976 Acrobat 8 for Macintosh: Update to Acrobat 8.1.2 Security Update 1. http://www.adobe.com/support/downloads/detail.jsp?ftpID=3977 Acrobat 3D Version 8 for Windows: Update to Acrobat 3D Version 8.1.2 Security Update 1. http://www.adobe.com/support/downloads/detail.jsp?ftpID=3975 Adobe Reader 7.0 through 7.0.9: Upgrade to Adobe Reader 7.1.0. http://www.adobe.com/go/getreader Acrobat 7 for Windows: Update to Acrobat 7.1.0. http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows Acrobat 7 for Macintosh: Update to Acrobat 7.1.0. http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh PROVIDED AND/OR DISCOVERED BY: The vendor credits the Information Security Team of the Johns Hopkins University Applied Physics Laboratory. ORIGINAL ADVISORY: Adobe APSB08-15: http://www.adobe.com/support/security/bulletins/apsb08-15.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------