Vulnerabilities

Adobe Reader and Acrobat util.printf() JavaScript function remote stack... (PC1-2008-0818)

Vulnerability chart	Adobe Reader and Acrobat include a stack buffer overflow vulnerability in the util.printf() JavaScript function. By using it unauthenticated attacker may be enabled to execute arbitrary code on a vulnerable system.
Remote Access Unknown patch availability Patch implementation unknown

Description:	Adobe Reader is software created to view Portable Document Format (PDF) files. Adobe Acrobat is software that is able to create PDF files. Adobe Reader and Acrobat support JavaScript in PDF documents. According to the Acrobat Forms JavaScript Object Specification, the `util.printf()` function "... will format one or more values as a string according to a format string. This is similar to the C function of the same name Adobe Reader and Acrobat fail to sufficiently validate input to the `util.printf()` JavaScript function. It can lead to a stack buffer overflow vulnerability. Exploit code for this vulnerability is publicly available.
Impact:	If a user is persuaded to open a specially-crafted PDF file, a remote, unauthenticated attacker might be able to execute arbitrary code. This can be done in several ways, for example, opening an email attachment or viewing a web page.
Solution:	Users are recommended to check for new versions and patches of the software program and upgrade their systems.
References:	http://www.adobe.com/support/security/bulletins/apsb08-19.html http://secunia.com/advisories/29773/ http://secunia.com/advisories/29941/ http://www.securityfocus.com/bid/30035 http://www.coresecurity.com/content/adobe-reader-buffer-overflow