Red Hat Bugzilla – Bug 469923
CVE-2008-4817 Adobe Reader: Download Manager input validation flaw
Last modified: 2016-03-04 07:35:51 EST
Adobe Reader 8 contains an input validation error in the Download Manager.
According to Adobe these flaws could result in arbitrary code execution
with the permissions of the user running Adobe Reader.
Upstream security bulletin:
Further details from iDefense advisory:
The vulnerable code is an AcroJS function available to scripting code
inside of a PDF document. This function is used for HTTP
authentication. By passing a long string to this function, it is
possible to corrupt heap memory in such a way that may lead to the
execution of arbitrary code.
This issue was addressed in:
Red Hat Enterprise Linux Extras: