#VU1337 Heap-based buffer overflow in Adobe Acrobat and Adobe Reader - CVE-2007-4768

Vulnerability identifier: #VU1337

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2007-4768

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Adobe Acrobat
Adobe Reader

Software vendor:
Adobe

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library when handling of a single Unicode sequence by multiple character classes. A remote attacker can create a specially data, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Install update from vendor's website:

Adobe Reader 7 and 8:
https://www.adobe.com/products/acrobat/readstep2.html
Adobe Acrobat for Windows:
https://www.adobe.com/support/downloads/detail.jsp?ftpID=3849
Adobe Acrobat for Macintosh:
https://www.adobe.com/support/downloads/detail.jsp?ftpID=3856
Adobe Acrobat 3D version:
https://www.adobe.com/support/downloads/detail.jsp?ftpID=3850
Adobe Reader 7:
https://www.adobe.com/go/getreader
Adobe Acrobat 7 for Windows:
https://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
Adobe Acrobat 7 for Macintosh:
https://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh

• https://www.adobe.com/support/security/bulletins/apsb08-13.html