Getting Owned By Malicious PDF - Analysis

Year 2008 was not so good for Adobe Acrobat Reader users especially for those using versions prior to version 9. Core Security had released the advisory to address about util.printf stack buffer overflow vulnerability on Adobe Acrobat Reader with CVE tag CVE-2008-2992. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crashing the application, denying service to the legitimate user. A more detailed description by CoreSecurity researcher about the vulnerability and exploitation analysis is available for further information on this vulnerability.