CVE-2007-5659

Warning

EPSS 93.26%
Published 12.02.2008 19:00:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods.  NOTE: this issue might be subsumed by CVE-2008-0655.

Affected products Warnungen 1 Metrics 4 CWE 1 References 16

Data is provided by the National Vulnerability Database (NVD)

Adobe ≫ Acrobat Version < 8.1.2

Adobe ≫ Acrobat Reader Version < 8.1.2

08.06.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Adobe Acrobat and Reader Buffer Overflow Vulnerability

Vulnerability

Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	93.26%	0.998

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

http://secunia.com/advisories/29065

Broken Link

http://www.redhat.com/support/errata/RHSA-2008-0144.html

Broken Link

http://secunia.com/advisories/29205

Broken Link

http://security.gentoo.org/glsa/glsa-200803-01.xml

Third Party Advisory

http://secunia.com/advisories/30840

Broken Link

http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1

Broken Link