LWN.net Logo

Advertisement

Writers Wanted

Front, Kernel, Security, Distributions, Development. See your byline here on LWN.net.

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

acroread: multiple vulnerabilities

Package(s):acroread CVE #(s):CVE-2008-2549 CVE-2008-2992 CVE-2008-4812 CVE-2008-4813 CVE-2008-4814 CVE-2008-4815 CVE-2008-4817
Created:November 12, 2008 Updated:January 13, 2009
Description:

From the Red Hat advisory:

Several input validation flaws were discovered in Adobe Reader. A malicious PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader. (CVE-2008-2549, CVE-2008-2992, CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4817)

The Adobe Reader binary had an insecure relative RPATH (runtime library search path) set in the ELF (Executable and Linking Format) header. A local attacker able to convince another user to run Adobe Reader in an attacker-controlled directory could run arbitrary code with the privileges of the victim. (CVE-2008-4815)

Alerts:
Gentoo 200901-09 2009-01-13
SuSE SUSE-SR:2008:026 2008-11-24
Red Hat RHSA-2008:0974-01 2008-11-12
(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds