Actu
SkyRecon Detects PDF Vulnerability
November 2008 by Vigil@nce
SkyRecon Systems announced that it has reported a vulnerability – CVE-2008-4814 – in the Adobe Acrobat PDF file format. The unpatched Adobe software contains an input validation issue in a JavaScript method that could potentially lead to unauthorised remote code execution – exploited simply by viewing the document online or through your standard email system. This vulnerability is exploitable on nearly any operating system that supports this open document standard.
Adobe PDF (Portable Document Format) is used globally to capture and view information from nearly any application on nearly any computer system. Established as a formal open standard ISO 32000, Adobe PDF has been designed to share information across multiple platforms with a high level of trust and reliability.
The vulnerability affects any operating system that allows the user to view or open a compromised PDF file. The collection of operating systems includes, but is not limited to, multiple versions of Microsoft Windows, Unix, and Linux. If exploited, the vulnerability could allow for unauthorised code execution, such as a Trojan, keylogger, password stealer, or other form of malware.
More information regarding the vulnerability can be found at CVE-2008-4814. Additional information regarding the patch from Adobe can be found at
http://www.adobe.com/support/security/bulletins/apsb08-19.html
