The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Acrobat | Adobe | 7.0 (including) | 7.1.1 (including) |
Acrobat | Adobe | 8.0 (including) | 8.1.4 (including) |
Acrobat | Adobe | 9.0 (including) | 9.1 (including) |
Extras for RHEL 3 | RedHat | acroread-0:8.1.5-2 | * |
Extras for RHEL 4 | RedHat | acroread-0:8.1.5-1.el4 | * |
Supplementary for Red Hat Enterprise Linux 5 | RedHat | acroread-0:8.1.5-1.el5 | * |
Acroread | Ubuntu | dapper | * |
Acroread | Ubuntu | devel | * |
Acroread | Ubuntu | hardy | * |
Acroread | Ubuntu | intrepid | * |
Acroread | Ubuntu | jaunty | * |
Acroread | Ubuntu | karmic | * |