Adobe Acrobat and Reader Collab 'getIcon()' JavaScript Method Remote Code Execution Vulnerability

Adobe Acrobat and Reader are prone to a remote code-execution vulnerability because the software fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users.

The issue affects the following:

Reader and Acrobat 7.1 and prior
Reader and Acrobat 8.1.2 and prior
Reader and Acrobat 9

UPDATE (March 24, 2009): This BID was previously titled 'Adobe Acrobat and Reader Unspecified JavaScript Method Remote Code Execution Vulnerability', but has been updated to better document the issue.


 

Privacy Statement
Copyright 2010, SecurityFocus