what you don't know can hurt you
Showing 1 - 7 of 7 RSS Feed

CVE-2008-2992

Status Candidate

Overview

Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.

Related Files

Bleeding Life 2 Exploit Pack
Posted Oct 24, 2011
Site blackhatacademy.org

Black Hat Academy has decided to go open source with the Bleeding Life 2 exploit pack. This is an exploit pack that affects Windows-based web browsers via Adobe and Java.

tags | exploit, java, web
systems | linux, windows
advisories | CVE-2008-2992, CVE-2010-1297, CVE-2010-2884, CVE-2010-0188, CVE-2010-0642, CVE-2010-3552
MD5 | df19be9e1d930def74baab341a3a5f08
Adobe util.printf() Buffer Overflow
Posted Nov 26, 2009
Authored by MC, Didier Stevens | Site metasploit.com

This Metasploit module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional < 8.1.3. By creating a specially crafted pdf that a contains malformed util.printf() entry, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2008-2992
MD5 | 9be8b233672ca2f0bc7d59c93c556e68
Gentoo Linux Security Advisory 200901-9
Posted Jan 13, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200901-09 - Adobe Reader is vulnerable to execution of arbitrary code. An unspecified vulnerability can be triggered by a malformed PDF document, as demonstrated by 2008-HI2.pdf. Versions less than 8.1.3 are affected.

tags | advisory, arbitrary
systems | linux, gentoo
advisories | CVE-2008-2549, CVE-2008-2992, CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4815, CVE-2008-4817
MD5 | d9bc3faa40e107b5bcdc90addba25562
adobe-printf.txt
Posted Nov 6, 2008
Authored by Debasis Mohanty | Site hackingspirits.com

Adobe Reader Javascript printf buffer overflow exploit that binds a shell to port 4444.

tags | exploit, overflow, shell, javascript
advisories | CVE-2008-2992
MD5 | 9ccd8cf03255dc1fba32b9c38ae011bf
Zero Day Initiative Advisory 08-072
Posted Nov 5, 2008
Authored by Peter Vreugdenhil, Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of embedded Javascript code when opening a PDF. Adobe Acrobat has defined it's own set of Javascript functions that can be used in a PDF file. Due to improper parameter checking to one of these functions arbitrary memory can be over-written leading to remote code execution. If successfully exploited remote control of the target system can be gained with the credentials of the logged in user.

tags | advisory, remote, arbitrary, javascript, code execution
advisories | CVE-2008-2992
MD5 | 9d5a863ccf99a613ea053e6857b030ff
Core Security Technologies Advisory 2008.0526
Posted Nov 4, 2008
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - Adobe Reader suffers from a stack buffer overflow when parsing specially crafted (invalid) PDF files. The vulnerability is caused due to a boundary error when parsing format strings containing a floating point specifier in the "util.printf()" JavaScript function. Successful exploitation of the vulnerability requires that users open a maliciously crafted PDF file thereby allowing attackers to gain access to vulnerable systems and assume the privileges of a user running Acrobat Reader.

tags | advisory, overflow, javascript
advisories | CVE-2008-2992
MD5 | ee310269f20e4e073d29093cc167d458
secunia-adobeoverflow.txt
Posted Nov 4, 2008
Authored by Dyon Balding | Site secunia.com

Secunia Research has discovered a vulnerability in Adobe Acrobat/Reader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when parsing format strings containing a floating point specifier in the "util.printf()" Javascript function and can be exploited to cause a stack-based buffer overflow via a specially crafted PDF. Successful exploitation may allow execution of arbitrary code when viewing a malicious PDF file. Adobe Acrobat / Reader version 8.1.2 is affected.

tags | advisory, overflow, arbitrary, javascript
advisories | CVE-2008-2992
MD5 | d08bafd11eea3329aa3d2db935e6fe83
Page 1 of 1
Back1Next

File Archive:

January 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    8 Files
  • 2
    Jan 2nd
    11 Files
  • 3
    Jan 3rd
    11 Files
  • 4
    Jan 4th
    2 Files
  • 5
    Jan 5th
    2 Files
  • 6
    Jan 6th
    18 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    10 Files
  • 10
    Jan 10th
    13 Files
  • 11
    Jan 11th
    2 Files
  • 12
    Jan 12th
    4 Files
  • 13
    Jan 13th
    21 Files
  • 14
    Jan 14th
    18 Files
  • 15
    Jan 15th
    12 Files
  • 16
    Jan 16th
    18 Files
  • 17
    Jan 17th
    11 Files
  • 18
    Jan 18th
    3 Files
  • 19
    Jan 19th
    2 Files
  • 20
    Jan 20th
    15 Files
  • 21
    Jan 21st
    21 Files
  • 22
    Jan 22nd
    19 Files
  • 23
    Jan 23rd
    19 Files
  • 24
    Jan 24th
    11 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close