Adobe Acrobat < 7.1.0 / 8.1.2 Unspecified JavaScript Method Handling Arbitrary Code Execution

High Nessus Plugin ID 40801


The version of Adobe Acrobat on the remote Windows host is affected by a JavaScript parsing vulnerability.


The version of Adobe Acrobat installed on the remote Windows host contains a flaw in the 'Collab.collectEmailInfo()' function that may allow a remote attacker to crash the application or to take control of the affected system.

To exploit this flaw, an attacker would need to trick a user on the affected system into opening a specially crafted PDF file using the affected application.


Upgrade to Adobe Acrobat 7.1.0 / 8.1.2 with Security Update 1 or later.

See Also

Plugin Details

Severity: High

ID: 40801

File Name: adobe_acrobat_812_su1.nasl

Version: $Revision: 1.11 $

Type: local

Agent: windows

Family: Windows

Published: 2009/08/28

Modified: 2013/11/27

Dependencies: 40797

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:adobe:acrobat

Required KB Items: SMB/Acrobat/Version

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 2008/06/23

Vulnerability Publication Date: 2008/06/23

Reference Information

CVE: CVE-2008-2641

BID: 29908

OSVDB: 46548

Secunia: 30832