blob: dfc60490680dda7c119ca1fbb2dc3402bffe2bbd [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200808-10">
<title>Adobe Reader: User-assisted execution of arbitrary code</title>
Adobe Reader is vulnerable to execution of arbitrary code via a crafted
<product type="ebuild">acroread</product>
<announced>August 09, 2008</announced>
<revised>August 09, 2008: 01</revised>
<package name="app-text/acroread" auto="yes" arch="*">
<unaffected range="ge">8.1.2-r3</unaffected>
<vulnerable range="lt">8.1.2-r3</vulnerable>
Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF
The Johns Hopkins University Applied Physics Laboratory reported that
input to an unspecified JavaScript method is not properly validated.
<impact type="normal">
A remote attacker could entice a user to open a specially crafted PDF
document, possibly resulting in the remote execution of arbitrary code
with the privileges of the user.
There is no known workaround at this time.
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=app-text/acroread-8.1.2-r3&quot;</code>
<uri link="">CVE-2008-2641</uri>
<metadata tag="submitter" timestamp="Wed, 06 Aug 2008 23:14:17 +0000">
<metadata tag="bugReady" timestamp="Wed, 06 Aug 2008 23:14:50 +0000">