This Metasploit module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional 8.1.1. By creating a specially crafted pdf that a contains malformed Collab.collectEmailInfo() call, an attacker may be able to execute arbitrary code.
518aaf1102414303ab4491f0657827b243a86c8bd0569ed8dd01e3e5a762cfb3Gentoo Linux Security Advisory GLSA 200803-01:04 - Adobe Acrobat Reader is vulnerable to remote code execution, Denial of Service, and cross-site request forgery attacks. Versions less than 8.1.2 are affected.
3b620d56e2d1802267a0433a31893c83d5b29b6e044a17c553f561841201749diDefense Security Advisory 02.08.08 - Remote exploitation of multiple stack-based buffer overflows in JavaScript methods in Adobe Reader and Acrobat could allow an attacker to execute arbitrary code as the current user. These issues exist due to insufficient input validation in several JavaScript methods. Inadequate checking is performed on the string length before it is copied into a fixed sized buffer on the stack. If an attacker supplies a long string, control structures on the stack may be modified, allowing the execution of arbitrary code. iDefense has confirmed these vulnerabilities exist in Adobe Reader 8.1 on Windows XP SP2. It is likely that other Adobe products that handle PDF files, including previous versions of Adobe Reader, are also affected.
82745cf5c6c8c6e687ae2cfa0e63f534a092b268615b9f95eb4a1895cce48b92
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed