PDF Cautionary Note - Abibitumi Kasa Afrikan Language and Liberation Institutes and Community Networks
Home UserCP Memberlist Register Calendar FAQ
Home
 
 

Portal Arcade Search YouTube ABIBItube Media Site Map Photo Gallery Downloads Wiki Member Classroom
Go Back   Abibitumi Kasa Afrikan Language and Liberation Institutes and Community Networks > Afrikan Liberation Institute Resources Thinktank > Afrikan Mathematical/Scientific/Technological Systems
Reload this Page PDF Cautionary Note
Register Stats All AlbumsBlogs FAQDonate Members Calendar Search Today's Posts Mark Forums Read

Notices

Afrikan Mathematical/Scientific/Technological Systems Information on Afrikan Mathematical/Scientific/Technological Systems

http://www.abibitumikasa.com/forums/

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 12-02-2008, 01:20 PM
KhepraEvolutionary's Avatar
KhepraEvolutionary is the moderator of the Survival Systems Forum
Khepra the Evolutionary
  

Join Date: Nov 2007
Location: Brooklyn, New York
Age: 38
Posts: 54
Quotes: 0
Thanks: 16
Thanked 26 Times in 19 Posts
Rep Power: 3
KhepraEvolutionary has a spectacular aura aboutKhepraEvolutionary has a spectacular aura about
Activity Longevity
2/20 9/20
Today Posts
sssssss54
View Member's Myspace Profile
Default PDF Cautionary Note
Ee ee m htp
Greetings.

Be cautious opening documents from people you do not know. Also make sure the people you do know are using updated and valid malware protection because they can unintentionally cause you problems.
This could be a way to get more money from US so you decide how to or how not to address this.

She ee m htp.

Khepra


Vulnerability Note VU#593409

Adobe Reader and Acrobat util.printf() JavaScript function stack buffer overflow

Overview

Adobe Reader and Acrobat contain a stack buffer overflow in the util.printf() JavaScript function, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. I. Description

Adobe Reader is software designed to view Portable Document Format (PDF) files. Adobe Acrobat is software that can create PDF files. Adobe Reader and Acrobat support JavaScript in PDF documents. According to the Acrobat Forms JavaScript Object Specification, the util.printf() function "... will format one or more values as a string according to a format string. This is similar to the C function of the same name."
Adobe Reader and Acrobat fail to sufficiently validate input to the util.printf() JavaScript function, which can result in a stack buffer overflow. Exploit code for this vulnerability is publicly available. II. Impact

By convincing a user to open a specially-crafted PDF file, a remote, unauthenticated attacker may be able to execute arbitrary code. This can happen in several ways, such as opening an email attachment or viewing a web page. III. Solution

Apply an update
This issue is addressed in Adobe Reader and Adobe Acrobat 8.1.3. More details are available in Adobe Security Bulletin APSB08-019. Please also consider the following workarounds to help mitigate this and other vulnerabilities in Adobe Reader:

Disable the displaying of PDF documents in the web browser

Preventing PDF documents from opening inside a web browser may mitigate this vulnerability. If this workaround is applied to updated versions of the Adobe reader, it may mitigate future vulnerabilities.



To prevent PDF documents from automatically being opened in a web browser:
  1. Open Adobe Acrobat Reader.
  2. Open the Edit menu.
  3. Choose the preferences option.
  4. Choose the Internet section.
  5. Un-check the "Display PDF in browser" check box.
Ubuntu users and administrators can prevent Adobe Reader from automatically opening PDF files inside their web browser by removing the mozilla-acroread package.

Prevent Internet Explorer from automatically opening PDF documents



The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to the safer option of prompting the user by importing the following as a .REG file:
  • Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\AcroExch.Document.7]
    "EditFlags"=hex:00,00,00,00
Disable JavaScript in Adobe Reader and Acrobat

Disabling Javascript may prevent this vulnerability from being exploited. Acrobat JavaScript can be disabled in the General preferences dialog (Edit -> Preferences -> JavaScript and un-check Enable Acrobat JavaScript).

Do not open untrusted PDF files

Do not open unfamiliar or unexpected PDF attachments. Users can convert PDF documents to text by using the Adobe Online Conversion Tools site. See the Online Conversion Tools FAQ for information about this service. This workaround will not mitigate all attack vectors.
Systems Affected

VendorStatusDate NotifiedDate Updated
AdobeVulnerable2008-05-222008-11-07
References



Adobe - Security Advisories : APSB08-19 - Security Update available for Adobe Reader 8 and Acrobat 8
Adobe Acrobat/Reader Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com
Foxit Reader "util.printf()" Buffer Overflow - Secunia Advisories - Vulnerability Intelligence - Secunia.com
Adobe Reader 'util.printf()' JavaScript Function Stack Buffer Overflow Vulnerability
Core Security Technologies Credit


This vulnerability was reported by Will Dormann of the CERT/CC, based on information provided by Dyon Balding of Secunia Research.
This document was written by Will Dormann. Other Information

Date Public:2008-11-04
Date First Published:2008-11-04
Date Last Updated:2008-11-07
CERT Advisory:
CVE-ID(s):CVE-2008-2992
NVD-ID(s):CVE-2008-2992
US-CERT Technical Alerts:
Metric:24.62
Document Revision:21



http://www.adobe.com/support/securit...apsb08-23.html
__________________
Khepra The Evolutionary
Evolution Through Fusion is the only solution to provide a P.A.S.S. (Prepared Autonomous Sustainable Solution) through the 21st Century and beyond.
Last edited by KhepraEvolutionary; 12-02-2008 at 01:25 PM..
Reply With Quote
Welcome
To see more of this thread, please login or register.
Reply

Bookmarks

Tags
cautionary, note, pdf

« WARNING: Careful where you put your USB | Can Someone Please Invent.... »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are On
Pingbacks are On
Refbacks are On
Forum Jump


All times are GMT -4. The time now is 08:50 PM.
Powered by vBulletin® Version 3.8.2
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.2.0
Copyright Abibitumi Kasa 2006-2010Ad Management plugin by RedTyger

Abibitumi Kasa Afrikan Liberation Institutes and Community Networks RSS Feeds - Contact Us   Abibitumi Kasa Afrikan Liberation Institutes and Community Networks         Archive  



Footer
Top
These are the 70 most-searched-for thread tags
Search Tag Cloud
(twi) 7 or 8 2008 abibitumi abujamal africa afrikan akan ancient applications baby baruti bible black booklist camps class concentration court cultural death egyptians family general geronimo ghana ghanafest guadalupe hebrew? inside introduce journey june kamau kambon kasa languages launch learn liberation links main messengers mothers mwalimu nations network nigerian okomfo online origin post race rashidi runoko sankɔfa science seneweb session slideshow standing summit t'shango tanothe trouble twi week wolof words yoruba
abibitumikasa african martial arts afrikan sex agbadza akan names akan proverbs akan religion bbc kiswahili beta prostate formula beta prostate side effects creole words dherbs.com dr jewel pookrum dr. jewel pookrum english for farmacy gaspar yanga guadalupe strike itan yoruba jamaican words jewel pookrum kamau kambon lebombo bone mancala game online mancala online miss nigeria 2008 nsibidi online mancala owe yoruba play mancala online raynard johnson rex 87 sauti ya ujerumani semi za kiswahili seneweb seneweb.com sex afrikan slum sex stephanie oforka swahili sayings thiakry twi alphabet twi greetings twi proverbs www.abibitumikasa.com www.seneweb.com yoruba dictionary yoruba names yoruba phrases yoruba poem zulu phrases
Inactive Reminders By Mished.co.uk