Arr1Val

Name of the Vulnerable Software and Affected Versions: Adobe Reader versions 7.0.0 through 7.1.2 Adobe Reader versions 8.0.0 through 8.1.5 Adobe Reader versions 9.0.0 through 9.1.1 Adobe Acrobat versions 7.0.0 through 7.1.2 Adobe Acrobat versions 8.0.0 through 8.1.5 Adobe Acrobat versions 9.0.0 through 9.1.1 Description: A stack-based buffer overflow might allow attackers to execute arbitrary code via a PDF file containing a malformed U3D model file with a crafted extension block. Recommendations: For Adobe Reader versions 7.0.0 through 7.1.2, update to version 7.1.3 or later. For Adobe Reader versions 8.0.0 through 8.1.5, update to version 8.1.6 or later. For Adobe Reader versions 9.0.0 through 9.1.1, update to version 9.1.2 or later. For Adobe Acrobat versions 7.0.0 through 7.1.2, update to version 7.1.3 or later. For Adobe Acrobat versions 8.0.0 through 8.1.5, update to version 8.1.6 or later. For Adobe Acrobat versions 9.0.0 through 9.1.1, update to version 9.1.2 or later.

Name of the Vulnerable Software and Affected Versions: Adobe Reader and Acrobat versions 9.1, 8.1.4, 7.1.1, and earlier Description: The issue allows remote attackers to cause a denial of service or execute arbitrary code via a PDF file that contains an annotation with JavaScript code. This code calls the `getAnnots` method in the JavaScript API with crafted integer arguments, potentially leading to memory corruption. Recommendations: For Adobe Reader and Acrobat versions 9.1, 8.1.4, 7.1.1, and earlier, consider disabling JavaScript execution in PDF files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Adobe Reader versions 9.1, 8.1.4, 7.1.1, and earlier Description: The issue allows remote attackers to cause a denial of service or execute arbitrary code via a PDF file that triggers a call to the `customDictionaryOpen` spell method with a long string in the second argument. This can lead to memory corruption. Recommendations: For Adobe Reader versions 9.1, 8.1.4, 7.1.1, and earlier, consider disabling the `customDictionaryOpen` spell method in the JavaScript API as a temporary workaround until a patch is available. Restrict access to PDF files that could potentially trigger this method with a long string in the second argument to minimize the risk of exploitation.