9.3
CVE-2007-5659
- EPSS 94.22%
- Veröffentlicht 12.02.2008 19:00:00
- Zuletzt bearbeitet 16.06.2026 22:46:35
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Adobe ≫ Acrobat Reader Version < 8.1.2
08.06.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Adobe Acrobat and Reader Buffer Overflow Vulnerability
SchwachstelleAdobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 94.22% | 0.998 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
http://secunia.com/advisories/29065
http://www.redhat.com/support/errata/RHSA-2008-0144.html
http://secunia.com/advisories/29205
http://security.gentoo.org/glsa/glsa-200803-01.xml
http://secunia.com/advisories/30840
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1
http://www.adobe.com/support/security/bulletins/apsb08-13.html
http://www.vupen.com/english/advisories/2008/1966/references
http://www.adobe.com/support/security/advisories/apsa08-01.html
http://www.us-cert.gov/cas/techalerts/TA08-043A.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=657
http://www.kb.cert.org/vuls/id/666281
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9813
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2007-5659