PT-2008-3559 · Adobe · Acrobat Professional
Published: 2008-05-08 · Updated: 2018-10-30 · CVE-2008-2042
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Adobe Acrobat Professional versions 7.0.9 through 8.1.1
Description
The issue concerns the JavaScript API in Adobe Acrobat Professional, which exposes a dangerous method. This allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file. The exploitation involves invoking the app.checkForUpdate function with a malicious callback function.
Recommendations
For Adobe Acrobat Professional version 7.0.9, update to a version that fixes this issue.
For Adobe Acrobat Professional version 8.1.1, update to a version that fixes this issue.
As a temporary workaround, consider disabling the app.checkForUpdate function until a patch is available.
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Acrobat Professional