Internet threat level: 1
Home→Descriptions→SA34924
Adobe Reader JavaScript Methods Memory Corruption
| Secunia ID | |
| CVE-ID | |
| Release Date |
28 Apr 2009 |
| Last Change |
13 May 2009 |
| Criticality | |
| Solution Status |
Partial Fix |
| Software |
Adobe Acrobat 3D 8.x |
| Where | |
| Impact |
System accessThis covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. |
| Description |
Arr1val has discovered two vulnerabilities in Adobe Reader, which can be exploited by malicious people to potentially compromise a user's system. 1) An error when processing calls to the "getAnnots()" JavaScript method can be exploited to corrupt memory via a specially crafted PDF file. 2) An error when processing calls to the "customDictionaryOpen()" JavaScript method can be exploited to corrupt memory via a specially crafted PDF file. Successful exploitation may allow execution of arbitrary code. The vulnerabilities are confirmed in version 9.1 for Linux. Other versions may also be affected. |
| Solution |
Update to a fixed version. Please see the vendor's advisory for more information. Adobe Reader/Acrobat 9.x: Adobe Reader/Acrobat 8.x: Adobe Reader/Acrobat 7.x for Windows: Adobe Reader/Acrobat 7.x for Macintosh: |
| Reported by |
Arr1val |
| Original Advisory |
Arr1val: Adobe: |
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.