Overview
» IDS/IPS Signatures
Security Sites
Products
White Papers
Data Sheets
Case Studies
Support Login
Locate a Partner
iPolicy Networks Security Advisory
 

Adobe JavaScript checkForUpdate Function code execution Vulnerability
Date Discovered: 5/12/2008
Severity: High
Applications Affected: Adobe Acrobat 3D 8.1.1 and prior
Adobe Acrobat Reader 8.1.1 and prior
Adobe Acrobat Professional 8.1.1 and prior
Adobe Acrobat Standard 8.1.1 and prior
Synopsis
A vulnerability has been discovered in Adobe Acrobat 3D, Adobe Acrobat Reader, Adobe Acrobat Professional, Adobe Acrobat Standard. A remote user can execute arbitrary code to the target user's system.

The flaw exists due to some vulnerable functions of the JavaScript API, which allows the attacker to access the restricted or private functions of javascript API. Remote attackers can successfully exploit the application by sending malformed PDF file to the victim which contains the malicious code of JavaScript and enticing the victim to open this affected file with the vulnerable application of Adobe products.
Recommended Actions
Update with latest stable version.
http://www.adobe.com/downloads
Threat Analysis
Adobe Reader software is the global standard for electronic document sharing. It is the only PDF viewer that can open and interact with all PDF documents. Adobe Acrobat 3D software empowers CAD, CAM, and CAE users to convert virtually any CAD file to a highly compressed 3D PDF file to enable 3D-based collaboration and CAD data interoperability. Adobe Acrobat Professional and Standard software enables business professionals to reliably create, combine, and control Adobe PDF documents for easy, more secure distribution, collaboration, and data collection.

The javascript API code execution vulnerability has been discovered in Adobe products (3D, Reader, Professional, Standard) in which a remote attacker can access and execute the restricted function “app.checkForUpdate()” via the malicious function CallBack(). To exploit this issue an attacker sends malformed PDF file to the victim and enticing him to open it with the vulnerable Adobe products, which results arbitrary code execution. After successful exploitation a remote attacker can get secure information from the victim machine and can make further attack.
References

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2042
http://securitytracker.com/alerts/2008/May/1019971.html
http://www.adobe.com/support/security/bulletins/apsb08-13.html
http://xforce.iss.net/xforce/xfdb/42237
Write-up by: Gaurav Bajpai
Security Sites
 
“iPolicy is one of the most visionary firewall vendors in the firewall Magic Quadrant. Its architecture of a central session processing engine and multiple content blades that are able to block based on signatures, rules and so on is the closest to the network security ideal.”
 
Greg Young, John Pescatore
Magic Quadrant for Network Firewalls, 2H04, Gartner
 

 
Home | About Us | Products | Technology | Solutions | Support | Partners | News & Events | Resources | Contact Us
Copyright ©2008 iPolicy Networks - Security Products Division of Tech Mahindra Limited | Privacy Policy | Site Map