Adobe Acrobat and Reader JavaScript Method Remote Code Execution Vulnerability

BID:29908

Info

Adobe Acrobat and Reader JavaScript Method Remote Code Execution Vulnerability

Bugtraq ID: 29908
Class: Input Validation Error
CVE: CVE-2008-2641
Remote: Yes
Local: No
Published: Jun 23 2008 12:00AM
Updated: Nov 13 2008 08:54PM
Credit: Information Security Team of the Johns Hopkins University Applied Physics Laboratory
Vulnerable: Sun Solaris 10.0_x86
Sun Solaris 10.0
S.u.S.E. openSUSE 10.3
S.u.S.E. openSUSE 10.2
Redhat Enterprise Linux Supplementary 5 server
Redhat Enterprise Linux Extras 4
Redhat Enterprise Linux Extras 3
Redhat Enterprise Linux Desktop Supplementary 5 client
Gentoo Linux
Adobe Reader 8.1.2
Adobe Reader 8.1.1
Adobe Reader 7.0.9
Adobe Reader 7.0.8
Adobe Reader 7.0.7
Adobe Reader 7.0.6
Adobe Reader 7.0.5
Adobe Reader 7.0.4
Adobe Reader 7.0.3
Adobe Reader 7.0.2
Adobe Reader 7.0.1
Adobe Reader 7.0
Adobe Reader 8.1
Adobe Reader 8.0
Adobe Acrobat Professional 8.1.2
Adobe Acrobat Professional 8.1.1
Adobe Acrobat Professional 7.0.9
Adobe Acrobat Professional 7.0.8
Adobe Acrobat Professional 7.0.7
Adobe Acrobat Professional 7.0.6
Adobe Acrobat Professional 7.0.5
Adobe Acrobat Professional 7.0.4
Adobe Acrobat Professional 7.0.3
Adobe Acrobat Professional 7.0.2
Adobe Acrobat Professional 7.0.1
Adobe Acrobat Professional 8.1
Adobe Acrobat Professional 8.0
Not Vulnerable: Adobe Reader 8.1.2 Security Updat
Adobe Reader 7.1
Adobe Acrobat Professional 8.1.2 Security Updat
Adobe Acrobat Professional 7.1

Discussion

Adobe Acrobat and Reader JavaScript Method Remote Code Execution Vulnerability

Adobe Acrobat and Reader are prone to a remote code-execution vulnerability because the software fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users.

The following applications are affected:

- Adobe Reader 8.0 through 8.1.2
- Adobe Reader 7.0.9 and prior
- Adobe Acrobat Professional, 3D and Standard 8.0 through 8.1.2
- Adobe Acrobat Professional, 3D and Standard 7.0.9 and prior

NOTE: This vulnerability may be related to the issue described in BID 29420 (Adobe Acrobat Reader Unspecified Remote Denial Of Service Vulnerability).

Exploit / POC

Adobe Acrobat and Reader JavaScript Method Remote Code Execution Vulnerability

The vendor says that this issue is currently being exploited in the wild.

Solution / Fix

Adobe Acrobat and Reader JavaScript Method Remote Code Execution Vulnerability

Solution:
The vendor has released an update. Please see the references for more information.


Sun Solaris 10.0

Adobe Reader 8.0

Adobe Acrobat Professional 8.0

Adobe Reader 8.1

Adobe Acrobat Professional 8.1

Adobe Reader 7.0

Adobe Acrobat Professional 7.0.1

Adobe Reader 7.0.1

Adobe Acrobat Professional 7.0.2

Adobe Reader 7.0.2

Adobe Reader 7.0.3

Adobe Acrobat Professional 7.0.3

Adobe Reader 7.0.4

Adobe Acrobat Professional 7.0.4

Adobe Acrobat Professional 7.0.5

Adobe Reader 7.0.5

Adobe Acrobat Professional 7.0.6

Adobe Reader 7.0.6

Adobe Acrobat Professional 7.0.7

Adobe Reader 7.0.7

Adobe Acrobat Professional 7.0.8

Adobe Reader 7.0.8

Adobe Acrobat Professional 7.0.9

Adobe Reader 7.0.9

Adobe Acrobat Professional 8.1.1

Adobe Reader 8.1.1

Adobe Reader 8.1.2

Adobe Acrobat Professional 8.1.2

References

© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report