Note: This is an archival copy of Security Sun Alert 239286 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019406.1.
Solaris 10 Operating System
Date of Workaround Release
Date of Resolved Release
Multiple Security Vulnerabilities in the Adobe Reader may lead to Execution of Arbitrary Code
Adobe Reader is the free viewing companion to Adobe Acrobat. Adobe Reader allows you to view, navigate, and print Portable Document Format (PDF) files.
These issues are described in the following documents:
APSB08-13 at http://www.adobe.com/support/security/bulletins/apsb08-13.html
CVE-2008-0667 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0667
CVE-2007-5666 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5666
CVE-2007-5659 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5659
CVE-2007-5663 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5663
CVE-2008-0726 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0726
CVE-2008-0655 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0655
CVE-2008-2042 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2042
CVE-2007-4768 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4768
2. Contributing Factors
These issues can occur in the following release:
To determine the version of Adobe Reader installed on a system, the following command can be run:
$ /usr/bin/acroread -version
There are no predictable symptoms that would indicate these issues have been exploited to execute arbitrary code.
To avoid the described issues, do not load PDF files from untrusted sources.
This can done in Mozilla as follows:
This can be done in Firefox as follows:
These issues are addressed in the following release:
01-Aug-2008: Updated Contributing Factors and Resolution sections; now Resolved
This solution has no attachment