Vulnerabilities > CVE-2008-2641 - Remote Code Execution vulnerability in Adobe Acrobat 3D and Acrobat Reader
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method."
Vulnerable Configurations
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200808-10.NASL description The remote host is affected by the vulnerability described in GLSA-200808-10 (Adobe Reader: User-assisted execution of arbitrary code) The Johns Hopkins University Applied Physics Laboratory reported that input to an unspecified JavaScript method is not properly validated. Impact : A remote attacker could entice a user to open a specially crafted PDF document, possibly resulting in the remote execution of arbitrary code with the privileges of the user. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 33858 published 2008-08-11 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/33858 title GLSA-200808-10 : Adobe Reader: User-assisted execution of arbitrary code code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200808-10. # # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(33858); script_version("1.19"); script_cvs_date("Date: 2019/08/02 13:32:45"); script_cve_id("CVE-2008-2641"); script_xref(name:"GLSA", value:"200808-10"); script_name(english:"GLSA-200808-10 : Adobe Reader: User-assisted execution of arbitrary code"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200808-10 (Adobe Reader: User-assisted execution of arbitrary code) The Johns Hopkins University Applied Physics Laboratory reported that input to an unspecified JavaScript method is not properly validated. Impact : A remote attacker could entice a user to open a specially crafted PDF document, possibly resulting in the remote execution of arbitrary code with the privileges of the user. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200808-10" ); script_set_attribute( attribute:"solution", value: "All Adobe Reader users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-text/acroread-8.1.2-r3'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:acroread"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2008/08/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/08/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"app-text/acroread", unaffected:make_list("ge 8.1.2-r3"), vulnerable:make_list("lt 8.1.2-r3"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Adobe Reader"); }
NASL family SuSE Local Security Checks NASL id SUSE_11_0_ACROREAD-080722.NASL description This update of acroread fixes an unknown error in a JavaScript method that can lead to remote code execution. (CVE-2008-2641) last seen 2020-06-01 modified 2020-06-02 plugin id 39904 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/39904 title openSUSE Security Update : acroread (acroread-115) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update acroread-115. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(39904); script_version("1.14"); script_cvs_date("Date: 2019/10/25 13:36:31"); script_cve_id("CVE-2008-2641"); script_name(english:"openSUSE Security Update : acroread (acroread-115)"); script_summary(english:"Check for the acroread-115 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update of acroread fixes an unknown error in a JavaScript method that can lead to remote code execution. (CVE-2008-2641)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=404976" ); script_set_attribute( attribute:"solution", value:"Update the affected acroread package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:acroread"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0"); script_set_attribute(attribute:"patch_publication_date", value:"2008/07/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686)$") audit(AUDIT_ARCH_NOT, "i586 / i686", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.0", reference:"acroread-8.1.2_SU1-0.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "acroread"); }
NASL family SuSE Local Security Checks NASL id SUSE_ACROREAD-5467.NASL description This update of acroread fixes an unknown error in a JavaScript method that can lead to remote code execution. (CVE-2008-2641) last seen 2020-06-01 modified 2020-06-02 plugin id 33573 published 2008-07-24 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33573 title openSUSE 10 Security Update : acroread (acroread-5467) NASL family Windows NASL id ADOBE_READER_812_SU1.NASL description The version of Adobe Reader installed on the remote Windows host contains a flaw in the function Collab.collectEmailInfo() that could allow a remote attacker to crash the application and/or to take control of the affected system. To exploit this flaw, an attacker would need to trick a user on the affected system into opening a specially crafted PDF file. last seen 2020-06-01 modified 2020-06-02 plugin id 33256 published 2008-06-25 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33256 title Adobe Reader < 7.1.0 / 8.1.2 SU1 Unspecified JavaScript Method Handling Arbitrary Code Execution NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0641.NASL description Updated acroread packages that fix various security issues are now available for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. Adobe Acrobat Reader allows users to view and print documents in Portable Document Format (PDF). An input validation flaw was discovered in a JavaScript engine used by Acrobat Reader. A malicious PDF file could cause Acrobat Reader to crash or, potentially, execute arbitrary code as the user running Acrobat Reader. (CVE-2008-2641) An insecure temporary file usage issue was discovered in the Acrobat Reader last seen 2020-06-01 modified 2020-06-02 plugin id 40724 published 2009-08-24 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40724 title RHEL 3 / 4 / 5 : acroread (RHSA-2008:0641) NASL family SuSE Local Security Checks NASL id SUSE_ACROREAD-5466.NASL description This update of acroread fixes an unknown error in a JavaScript method that can lead to remote code execution. (CVE-2008-2641) last seen 2020-06-01 modified 2020-06-02 plugin id 33572 published 2008-07-24 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33572 title SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 5466) NASL family SuSE Local Security Checks NASL id SUSE9_12211.NASL description This update of acroread fixes an unknown error in a JavaScript method that can lead to remote code execution. (CVE-2008-2641) last seen 2020-06-01 modified 2020-06-02 plugin id 41227 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41227 title SuSE9 Security Update : Acrobat Reader (YOU Patch Number 12211) NASL family Windows NASL id ADOBE_ACROBAT_812_SU1.NASL description The version of Adobe Acrobat installed on the remote Windows host contains a flaw in the last seen 2020-06-01 modified 2020-06-02 plugin id 40801 published 2009-08-28 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40801 title Adobe Acrobat < 7.1.0 / 8.1.2 Unspecified JavaScript Method Handling Arbitrary Code Execution
Redhat
advisories |
| ||||
rpms |
|
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 29908 CVE(CAN) ID: CVE-2008-2641 Acrobat Reader是一款流行的PDF文件阅读器。 Acrobat Reader的JavaScript方式存在输入验证错误,如果用户受骗打开了内嵌有恶意JavaScript内容的PDF文件的话就会导致执行任意指令。 Adobe Acrobat Professional <= 7.0.9 Adobe Acrobat Professional 8.0 - 8.1.2 Adobe Reader <= 7.0.9 Adobe Reader 8.0 - 8.1.2 Adobe ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://www.adobe.com/support/security/bulletins/apsb08-15.html target=_blank>http://www.adobe.com/support/security/bulletins/apsb08-15.html</a> |
id | SSV:3478 |
last seen | 2017-11-19 |
modified | 2008-06-25 |
published | 2008-06-25 |
reporter | Root |
title | Adobe Acrobat Reader JavaScript方式远程代码执行漏洞 |
References
- http://isc.sans.org/diary.html?storyid=4616
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html
- http://secunia.com/advisories/30832
- http://secunia.com/advisories/31136
- http://secunia.com/advisories/31339
- http://secunia.com/advisories/31352
- http://secunia.com/advisories/31428
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1
- http://www.adobe.com/support/security/bulletins/apsb08-15.html
- http://www.gentoo.org/security/en/glsa/glsa-200808-10.xml
- http://www.kb.cert.org/vuls/id/788019
- http://www.redhat.com/support/errata/RHSA-2008-0641.html
- http://www.securityfocus.com/bid/29908
- http://www.securitytracker.com/id?1020352
- http://www.vupen.com/english/advisories/2008/1906
- http://www.vupen.com/english/advisories/2008/2289
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43307