Status Tracking Note TRTA08-309A

Adobe Reader and Acrobat Vulnerabilities

Overview

Adobe has released Security Bulletin APSB08-19 to address multiple vulnerabilities affecting Adobe Reader and Acrobat. The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code.

Event Information

Date (UTC) | Description
2008-11-13 16:02 Trend Micro
Bogus Federal Reserve Sites Deliver PDF Exploit
TrendLabs | Malware Blog - by Trend Micro
A new round of PDF exploits are being pushed by websites pretending to be the US Federal Reserve. Several spammed email messages were intercepted starting last week advertising these fake Federal Reserve pages.
2008-11-12 02:04 SANS Internet Storm Center
Acrobat continued activity in the wild (Version: 3)
It seems those responsible for the prior reported attacks, and followed up only yesterday, are still busy and most probably successful at it.
2008-11-12 Trend Micro
TROJ_PIDIEF.DN
Exploiting Adobe Reader Vulnerability
It exploits a known vulnerability in Adobe Reader versions 8.1.2 and earlier. This vulnerability may cause the said application to crash and may also allow a remote malicious user to take control over an affected system when a user views a specially-crafted .PDF file.
2008-11-11 08:17 Trend Micro
Adobe Reader Vulnerability: Actively Being Exploited
TrendLabs | Malware Blog - by Trend Micro
Last week, Adobe released an update for Adobe Acrobat 8 and Adobe Reader 8 and a day later, a working exploit code for the util.printf() vulnerability was released. As expected, malware authors were quick to use the exploit for their own gain.
2008-11-10 23:35 SANS Internet Storm Center
Adobe Reader Vulnerability - part 2
You may have read Bojan's excellent diary earlier this month where he looks at a couple of new PDF exploits with zero AV coverage. The low coverage was likely to be caused by a funky method of confusing the AV engine when it's parsing the JavaScript contained within the PDF.
2008-11-07 21:54 Symantec
Trojan.Pidief.D
Exploiting Adobe Reader Vulnerability (CVE-2008-2992)
Trojan.Pidief.D is a Trojan horse that exploits the Adobe Reader 'util.printf()' JavaScript Function Stack Buffer Overflow Vulnerability (BID 30035) to download and execute files from the Internet.
2008-11-07 19:19 US-CERT
Adobe Reader Exploit Circulating
US-CERT Current Activity
US-CERT is aware of public reports of active exploitation of a recent Adobe Reader vulnerability. This exploit appears to arrive in the form of a maliciously crafted PDF file and leverages the JavaScript buffer overflow vulnerability addressed in Adobe Security Bulletin APSB08-19. Successful exploitation may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Additionally, the reports indicate that this exploit is currently undetectable by common antivirus applications.
2008-11-07 15:54 SANS Internet Storm Center
Adobe Reader vulnerability exploited in the wild
One of our readers, Wayne Dilly, sent a couple of malicious PDF documents to us. Wayne noticed that some machines got infected and wondered if the PDF documents exploited the vulnerability patched by Adobe a couple of days ago (CVE-2008-2992 - see http://isc.sans.org/diary.html?storyid=5282).
2008-11-07 Trend Micro
TROJ_PIDIEF.CB
Exploiting Adobe Reader Vulnerability
This Trojan exploits a known vulnerability in Adobe Reader versions 8.1.2 and earlier. This vulnerability may cause the said application to crash and may also allow a remote malicious user to take control over an affected system when a user views a specially-crafted PDF file.
2008-11-06 Bugtraq
Adobe Reader Javascript Printf Buffer Overflow Exploit
Printf Buffer Overflow (CVE-2008-2992)
#Cid: adobe-CVE-2008-2992.txt
#Cid: 30035.c
2008-11-05 03:51 JPCERT/CC
JPCERT-AT-2008-0020: Vulnerability in Adobe Acrobat and Adobe Reader
2008-11-05 02:11 SANS Internet Storm Center
Adobe8
Adobe released a security update for Adobe Reader 8 and Acrobat 8 that covers 8 different CVEs today.
2008-11-04 21:43 US-CERT
TA08-309A: Adobe Reader and Acrobat Vulnerabilities
Via US-CERT Mailing List
2008-11-04 18:03 US-CERT
Adobe Releases Security Bulletin
US-CERT Current Activity
Adobe has released a Security Bulletin to address multiple vulnerabilities in Adobe Reader 8 and Acrobat 8. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
2008-11-04 Adobe
APSA08-01: Security Update available for Adobe Reader 8 and Acrobat 8
Critical vulnerabilities have been identified in Adobe Reader and Acrobat 8.1.2 and earlier versions. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system.
2008-05-27 Core Security Technologies
CORE-2008-0526: Adobe Reader Javascript Printf Buffer Overflow
Printf Buffer Overflow (CVE-2008-2992)
Vulnerability Reported
2008-05-12 Zero Day Initiative (ZDI)
ZDI-08-074: Adobe Acrobat PDF Javascript getCosObj Memory Corruption Vulnerability
PDF Code Execution Vulnerability (CVE-2008-4813)
This vulnerability allows remote attackers to execute code on vulnerable installations of Adobe Acrobat. User interaction is required in that a user must visit a malicious web site.
Vulnerability Reported
2008-04-16 Secunia Research
2008-14: Adobe Acrobat/Reader "util.printf()" Buffer Overflow
Printf Buffer Overflow (CVE-2008-2992)
Vulnerability Reported
2008-04-08 Zero Day Initiative (ZDI)
ZDI-08-073: Adobe Acrobat Reader Malformed PDF Code Execution Vulnerability
PDF Code Execution Vulnerability (CVE-2008-4813)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious web address or open a malicious file.
Vulnerability Reported
2008-03-21 iDefense
Adobe Acrobat Professional And Reader AcroJS Heap Corruption Vulnerability
AcroJS Heap Corruption Vulnerabilities (CVE-2008-4817)
Vulnerability Reported
The vulnerable code is an AcroJS function available to scripting code inside of a PDF document. This function is used for HTTP authentication. By passing a long string to this function, it is possible to corrupt heap memory in such a way that may lead to the execution of arbitrary code.
2008-01-21 Zero Day Initiative (ZDI)
ZDI-08-072: Adobe Acrobat PDF Javascript printf Stack Overflow Vulnerability
PDF Javascript printf Stack Overflow Vulnerability (CVE-2008-2992)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Vulnerability Reported
2007-12-27 iDefense
Adobe Reader Embedded Font Handling Out of Bounds Array Indexing Vulnerability
Font Handling Vulnerabilities (CVE-2008-4812)
Vulnerability Reported
The vulnerability specifically exists in code responsible for parsing Type 1 fonts. After allocating an area of memory, no bounds checking is performed. Subsequent access of this memory may result in modification of arbitrary memory, which in turn may result in arbitrary code execution.

Reference

Date first published (UTC): 2008-11-09T20:54+00:00
Date last updated (UTC): 2008-11-23T04:24+00:00