Credit:
The information has been provided by iDefense Labs.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=657
Vulnerable Systems:
* Adobe Reader version 8.1 on Windows XP SP2
Immune Systems:
* Adobe Reader version 8.1.2
These issues exist due to insufficient input validation in several JavaScript methods. The length of a string is not adequately checked before the string is copied into a fixed-size buffer on the stack. If an attacker supplies a long string, control structures on the stack may be modified, allowing the execution of arbitrary code.
Analysis:
Exploitation of these vulnerabilities would allow an attacker to execute arbitrary code as the current user. In order to exploit these vulnerabilities, an attacker would have to convince a targeted user to open a maliciously constructed file. This file could be sent directly to the targeted user or linked from a website.
Workaround:
Disabling JavaScript in Adobe Reader or Acrobat will limit exposure to these vulnerabilities. When JavaScript is disabled, Adobe Reader will prompt the user that some components of the document may not function, and provide an opportunity to enable it.
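A triage check that complements the workaround above, added here as an example and not taken from iDefense or Adobe: it scans a PDF's raw bytes for the /JS and /JavaScript names, including #xx-escaped spellings, so that documents carrying script can be identified before they are opened. The function names and the two sample byte strings are constructed for illustration.

```python
import re

# PDF name tokens that indicate embedded script or automatic actions.
SCRIPT_NAMES = ("JS", "JavaScript")
TRIGGER_NAMES = ("OpenAction", "AA")

# A PDF name is "/" plus regular characters; "#xx" encodes one byte as hex.
NAME_RE = re.compile(rb"/((?:#[0-9A-Fa-f]{2}|[^\x00\t\n\x0c\r ()<>\[\]{}/%#])+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so that /J#61vaScript compares equal to /JavaScript."""
    decoded = HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count script and trigger names in the raw bytes of a PDF.

    Limitation: names inside compressed object streams are not seen,
    so a clean result is not proof that the file carries no JavaScript.
    """
    counts = {name: 0 for name in SCRIPT_NAMES + TRIGGER_NAMES}
    obfuscated = 0
    for match in NAME_RE.finditer(data):
        raw = match.group(1)
        name = decode_name(raw)
        if name in counts:
            counts[name] += 1
            if b"#" in raw:
                obfuscated += 1  # escaped spelling of a watched name
    has_script = any(counts[n] for n in SCRIPT_NAMES)
    has_trigger = any(counts[n] for n in TRIGGER_NAMES)
    return {
        "counts": counts,
        "obfuscated_names": obfuscated,
        "has_javascript": has_script,
        "has_trigger": has_trigger,
    }


# Constructed samples (not real files): one plain, one with an escaped name.
BENIGN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SCRIPTED = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /S /J#61vaScript /JS (app.alert\\(1\\);) >>\nendobj\n"
)
```

A hit means only that the file contains script and should be handled with JavaScript disabled or in an updated reader; it does not identify which JavaScript methods the document calls.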
Vendor response:
Adobe released version 8.1.2 of Adobe Reader and Acrobat to address these vulnerabilities. Although there is currently no update for version 7.0.9, Adobe reports it does plan to release one at a later date. For more information, visit the vendor's advisory at the following URL: http://www.adobe.com/support/security/advisories/apsa08-01.html
CVE Information:
CVE-2007-5659
Disclosure Timeline:
10/10/2007 - Initial vendor notification
10/10/2007 - Initial vendor response
10/26/2007 - Request for status
10/26/2007 - Status - Est. early January
01/04/2008 - Request for status
01/04/2008 - Status - Scheduled early February
01/28/2008 - Adobe plans patch for 8, but not 7
01/30/2008 - Concerns about the plan e-mailed to Adobe
01/31/2008 - Telephone call to clarify concerns
02/06/2008 - Adobe releases 8.1.2
02/06/2008 - Immunity makes PoC available to partners
02/07/2008 - Adobe publishes APSA08-01
02/08/2008 - Exploit discovered in the wild
02/08/2008 - Public disclosure