PT-2008-3559 · Adobe · Acrobat Professional
Published 2008-05-08 · Updated 2018-10-30 · CVE-2008-2042
CVSS v2.0 9.3 High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Adobe Acrobat Professional versions 7.0.9 through 8.1.1
Description
The issue concerns the JavaScript API in Adobe Acrobat Professional, which exposes a dangerous method. This allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file. Exploitation involves invoking the app.checkForUpdate function with a malicious callback function.
Recommendations
For Adobe Acrobat Professional version 7.0.9, update to a version that fixes this issue.
For Adobe Acrobat Professional version 8.1.1, update to a version that fixes this issue.
As a temporary workaround, consider disabling the app.checkForUpdate function until a patch is available.
Fix
RCE
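A triage check for the method named in the description, as an added example that is not part of the advisory or any vendor tooling: it flags PDF files whose raw bytes, Flate-compressed streams or hex strings reference app.checkForUpdate. The function names and the sample PDF fragment are constructed for illustration; a static string match is a heuristic and will not see scripts hidden behind other encodings or filters.

```python
import re
import zlib

# Method named in the advisory. JavaScript is case-sensitive, so match exactly,
# allowing only whitespace around the dot.
PATTERN = re.compile(rb"app\s*\.\s*checkForUpdate")
STREAM = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)
HEX_STRING = re.compile(rb"<([0-9A-Fa-f\s]{8,})>")


def candidate_buffers(pdf: bytes):
    """Yield (label, bytes) views of the file in which script text may appear."""
    yield "raw", pdf
    for i, m in enumerate(STREAM.finditer(pdf)):
        try:
            # decompressobj tolerates trailing bytes after the zlib data
            yield f"stream[{i}]", zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not Flate data; the raw view already covers it
    for i, m in enumerate(HEX_STRING.finditer(pdf)):
        digits = re.sub(rb"\s", b"", m.group(1))
        if len(digits) % 2:
            digits += b"0"  # PDF pads an odd-length hex string with a 0
        yield f"hexstring[{i}]", bytes.fromhex(digits.decode("ascii"))


def find_check_for_update(pdf: bytes):
    """Return the labels of the views that reference app.checkForUpdate."""
    hits = []
    for label, buf in candidate_buffers(pdf):
        # UTF-16 script text carries NUL bytes between ASCII characters
        if PATTERN.search(buf) or PATTERN.search(buf.replace(b"\x00", b"")):
            hits.append(label)
    return hits


def sample_pdf(script: bytes, compress: bool) -> bytes:
    """Constructed PDF fragment (not a real sample) carrying `script`."""
    body = zlib.compress(script) if compress else script
    flt = b" /Filter /FlateDecode" if compress else b""
    return (b"%PDF-1.4\n1 0 obj\n<< /S /JavaScript /JS 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /Length " + str(len(body)).encode() + flt +
            b" >>\nstream\n" + body + b"\nendstream\nendobj\n")


if __name__ == "__main__":
    for name, s in [("flagged", b"app.checkForUpdate();"), ("clean", b"app.alert(1);")]:
        print(name, find_check_for_update(sample_pdf(s, compress=True)))
```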
Affected products
Acrobat Professional