CVE-2008-2641 - Remote Code Execution vulnerability in Adobe Acrobat 3D and Acrobat Reader

CVSS 10.0 - CRITICAL

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: COMPLETE
  • Integrity impact: COMPLETE
  • Availability impact: COMPLETE

Summary

Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method."

Nessus

  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200808-10.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200808-10 (Adobe Reader: User-assisted execution of arbitrary code). The Johns Hopkins University Applied Physics Laboratory reported that input to an unspecified JavaScript method is not properly validated. Impact: A remote attacker could entice a user to open a specially crafted PDF document, possibly resulting in the remote execution of arbitrary code with the privileges of the user. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 33858
    published: 2008-08-11
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/33858
    title: GLSA-200808-10 : Adobe Reader: User-assisted execution of arbitrary code
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200808-10.
    #
    # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(33858);
      script_version("1.19");
      script_cvs_date("Date: 2019/08/02 13:32:45");
    
      script_cve_id("CVE-2008-2641");
      script_xref(name:"GLSA", value:"200808-10");
    
      script_name(english:"GLSA-200808-10 : Adobe Reader: User-assisted execution of arbitrary code");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200808-10
    (Adobe Reader: User-assisted execution of arbitrary code)
    
        The Johns Hopkins University Applied Physics Laboratory reported that
        input to an unspecified JavaScript method is not properly validated.
      
    Impact :
    
        A remote attacker could entice a user to open a specially crafted PDF
        document, possibly resulting in the remote execution of arbitrary code
        with the privileges of the user.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200808-10"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Adobe Reader users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=app-text/acroread-8.1.2-r3'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:acroread");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/08/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/08/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"app-text/acroread", unaffected:make_list("ge 8.1.2-r3"), vulnerable:make_list("lt 8.1.2-r3"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Adobe Reader");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_0_ACROREAD-080722.NASL
    description: This update of acroread fixes an unknown error in a JavaScript method that can lead to remote code execution. (CVE-2008-2641)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 39904
    published: 2009-07-21
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/39904
    title: openSUSE Security Update : acroread (acroread-115)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update acroread-115.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(39904);
      script_version("1.14");
      script_cvs_date("Date: 2019/10/25 13:36:31");
    
      script_cve_id("CVE-2008-2641");
    
      script_name(english:"openSUSE Security Update : acroread (acroread-115)");
      script_summary(english:"Check for the acroread-115 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of acroread fixes an unknown error in a JavaScript method
    that can lead to remote code execution. (CVE-2008-2641)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=404976"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected acroread package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:acroread");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/07/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686)$") audit(AUDIT_ARCH_NOT, "i586 / i686", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.0", reference:"acroread-8.1.2_SU1-0.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "acroread");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_ACROREAD-5467.NASL
    description: This update of acroread fixes an unknown error in a JavaScript method that can lead to remote code execution. (CVE-2008-2641)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 33573
    published: 2008-07-24
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/33573
    title: openSUSE 10 Security Update : acroread (acroread-5467)
  • NASL family: Windows
    NASL id: ADOBE_READER_812_SU1.NASL
    description: The version of Adobe Reader installed on the remote Windows host contains a flaw in the function Collab.collectEmailInfo() that could allow a remote attacker to crash the application and/or to take control of the affected system. To exploit this flaw, an attacker would need to trick a user on the affected system into opening a specially crafted PDF file.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 33256
    published: 2008-06-25
    reporter: This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/33256
    title: Adobe Reader < 7.1.0 / 8.1.2 SU1 Unspecified JavaScript Method Handling Arbitrary Code Execution
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2008-0641.NASL
    description: Updated acroread packages that fix various security issues are now available for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. Adobe Acrobat Reader allows users to view and print documents in Portable Document Format (PDF). An input validation flaw was discovered in a JavaScript engine used by Acrobat Reader. A malicious PDF file could cause Acrobat Reader to crash or, potentially, execute arbitrary code as the user running Acrobat Reader. (CVE-2008-2641) An insecure temporary file usage issue was discovered in the Acrobat Reader
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40724
    published: 2009-08-24
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/40724
    title: RHEL 3 / 4 / 5 : acroread (RHSA-2008:0641)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_ACROREAD-5466.NASL
    description: This update of acroread fixes an unknown error in a JavaScript method that can lead to remote code execution. (CVE-2008-2641)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 33572
    published: 2008-07-24
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/33572
    title: SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 5466)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE9_12211.NASL
    description: This update of acroread fixes an unknown error in a JavaScript method that can lead to remote code execution. (CVE-2008-2641)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41227
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41227
    title: SuSE9 Security Update : Acrobat Reader (YOU Patch Number 12211)
  • NASL family: Windows
    NASL id: ADOBE_ACROBAT_812_SU1.NASL
    description: The version of Adobe Acrobat installed on the remote Windows host contains a flaw in the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40801
    published: 2009-08-28
    reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40801
    title: Adobe Acrobat < 7.1.0 / 8.1.2 Unspecified JavaScript Method Handling Arbitrary Code Execution

Redhat

advisories
rhsa
id: RHSA-2008:0641
rpms
  • acroread-0:8.1.2.SU1-2
  • acroread-0:8.1.2.SU1-2.el4
  • acroread-0:8.1.2.SU1-2.el5
  • acroread-plugin-0:8.1.2.SU1-2
  • acroread-plugin-0:8.1.2.SU1-2.el4
  • acroread-plugin-0:8.1.2.SU1-2.el5

Seebug

bulletinFamily: exploit
description: BUGTRAQ ID: 29908. CVE(CAN) ID: CVE-2008-2641. Acrobat Reader is a popular PDF file reader. A JavaScript method in Acrobat Reader has an input validation error; if a user is tricked into opening a PDF file with embedded malicious JavaScript content, arbitrary commands can be executed. Affected versions: Adobe Acrobat Professional <= 7.0.9; Adobe Acrobat Professional 8.0 - 8.1.2; Adobe Reader <= 7.0.9; Adobe Reader 8.0 - 8.1.2. Adobe: The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.adobe.com/support/security/bulletins/apsb08-15.html
id: SSV:3478
last seen: 2017-11-19
modified: 2008-06-25
published: 2008-06-25
reporter: Root
title: Adobe Acrobat Reader JavaScript Method Remote Code Execution Vulnerability