Adobe Acrobat and Reader JavaScript Method Remote Code Execution Vulnerability

Adobe Acrobat and Reader are prone to a remote code-execution vulnerability because the software fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users.

The following applications are affected:

- Adobe Reader 8.0 through 8.1.2
- Adobe Reader 7.0.9 and prior
- Adobe Acrobat Professional, 3D and Standard 8.0 through 8.1.2
- Adobe Acrobat Professional, 3D and Standard 7.0.9 and prior

NOTE: This vulnerability may be related to the issue described in BID 29420 (Adobe Acrobat Reader Unspecified Remote Denial Of Service Vulnerability).


 

Privacy Statement
Copyright 2010, SecurityFocus