Adobe Acrobat and Reader JavaScript buffer overflow

Added: 11/13/2008
CVE: CVE-2007-5659
BID: 27641
OSVDB: 41495

Background

Adobe Acrobat is software for creating PDF documents. Adobe Reader is free software for viewing PDF documents.

Problem

Buffer overflow vulnerabilities in several JavaScript functions allow command execution when a user loads a PDF file which calls one of the affected functions with a long, specially crafted argument.

Resolution

Upgrade to Adobe Reader or Adobe Acrobat 8.1.2 or higher.

References

http://www.adobe.com/support/security/bulletins/apsb08-13.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=657

Limitations

Exploit works on Adobe Acrobat 8.0 and Adobe Reader 8.1.1 and requires a user to open the exploit file using the affected application.

Platforms

Windows

Back to exploit index