Adobe Reader < 7.1.0 / 8.1.2 SU1 Unspecified JavaScript Method Handling Arbitrary Code Execution

High Nessus Plugin ID 33256


The remote Windows host contains an application that allows remote code execution.


The version of Adobe Reader installed on the remote Windows host contains a flaw in the function Collab.collectEmailInfo() that could allow a remote attacker to crash the application and/or to take control of the affected system.

To exploit this flaw, an attacker would need to trick a user on the affected system into opening a specially crafted PDF file.


- If running 7.x, upgrade to version 7.1.0 or later.

- If running 8.x, upgrade to 8.1.2, if necessary, and then apply Adobe's Security Update 1 for 8.1.2.

See Also

Plugin Details

Severity: High

ID: 33256

File Name: adobe_reader_812_su1.nasl

Version: $Revision: 1.19 $

Type: local

Agent: windows

Family: Windows

Published: 2008/06/25

Modified: 2015/01/12

Dependencies: 20836

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:adobe:acrobat_reader

Required KB Items: SMB/Acroread/Version

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 2008/06/23

Reference Information

CVE: CVE-2008-2641

BID: 29908

OSVDB: 46548

Secunia: 30832