Signature Detail

HTTP: Adobe Reader and Acrobat util.printf Stack Buffer Overflow

This signature detects attempts to exploit a known flaw in Adobe Reader and Acrobat. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.

Extended Description

Adobe Reader is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users.

Affected Products

• Adobe acrobat_3d 8.1.2
• Adobe acrobat_3d
• Adobe acrobat_professional 8.0
• Adobe acrobat_professional 8.1
• Adobe acrobat_professional 8.1.1
• Adobe acrobat_professional 8.1.2
• Adobe acrobat_professional 8.1.2 Security Update 1
• Adobe acrobat_standard 8.0
• Adobe acrobat_standard 8.1
• Adobe acrobat_standard 8.1.1
• Adobe acrobat_standard 8.1.2
• Adobe reader 8.0
• Adobe reader 8.1
• Adobe reader 8.1.1
• Adobe reader 8.1.2
• Adobe reader 8.1.2 Security Update 1
• Avaya interactive_response 2.0
• Avaya interactive_response 3.0
• Gentoo linux
• Nortel_networks callpilot 1002Rp
• Nortel_networks callpilot 1005R
• Nortel_networks callpilot 201I
• Nortel_networks callpilot 600R
• Nortel_networks callpilot 703T
• Nortel_networks self-service-ccss7
• Nortel_networks self-service_mps_1000
• Nortel_networks self-service_mps_500
• Nortel_networks self-service_peri_application
• Nortel_networks self-service_peri_workstation
• Nortel_networks self-service_speech_server
• Sun solaris 10 Sparc
• Turbolinux client 2008

References

• BugTraq: 30035
• CVE: CVE-2008-2992