Vigil@nce: Adobe Acrobat/Reader, code execution
June 2008 by Vigil@nce
An attacker can create a PDF document containing malicious
JavaScript code in order to execute code on the computer of
victims opening the document.
– Gravity: 3/4
– Consequences: user access/rights, denial of service of client
– Provenance: document
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 24/06/2008
– Identifier: VIGILANCE-VUL-7906
IMPACTED PRODUCTS
Adobe Acrobat/Reader [confidential versions]
DESCRIPTION
A PDF document can contain JavaScript code.
When a JavaScript method receives malformed data, a memory
corruption occurs. Technical details are unknown.
An attacker can therefore create a PDF document containing
malicious JavaScript code in order to execute code on the computer
of victims opening the document.
CHARACTERISTICS
– Identifiers: APSB08-13, APSB08-15, BID-29908, CVE-2008-2641,
VIGILANCE-VUL-7906
– Url: https://vigilance.aql.fr/tree/1/7906