Vendor: Adobe Reader
By: Elazar
CVSS: 9.3 (HIGH)
Stack Buffer Overflow
CWE: 119
Product Name: Adobe Reader
Affected Version From: 8.1.2002
Affected Version To: 9.1.2001
Patch Exists: YES
Related CWE: CVE-2008-2992
CPE: a:adobe:reader
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2008

Adobe Reader ‘util.printf()’ JavaScript Function Stack Buffer Overflow Exploit

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required: the target must visit a malicious page or open a malicious file. The flaw is in the util.printf() JavaScript function, which does not properly validate the length of user-supplied data before copying it to a fixed-length stack buffer. An attacker can leverage this to execute arbitrary code in the context of the user.

Mitigation:

Upgrade to version 9.1.2 or later.

Exploit-DB raw data:

Adobe Reader 'util.printf()' JavaScript Function Stack Buffer Overflow Exploit
author: Elazar

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/6994.pdf (2008-APSB08-19.pdf)

# milw0rm.com [2008-11-05]