CVE-2007-5659

Warnung

EPSS 93.26%
Veröffentlicht 12.02.2008 19:00:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods.  NOTE: this issue might be subsumed by CVE-2008-0655.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 16

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Adobe ≫ Acrobat Version < 8.1.2

Adobe ≫ Acrobat Reader Version < 8.1.2

08.06.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Adobe Acrobat and Reader Buffer Overflow Vulnerability

Schwachstelle

Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	93.26%	0.998

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

http://secunia.com/advisories/29065

Broken Link

http://www.redhat.com/support/errata/RHSA-2008-0144.html

Broken Link

http://secunia.com/advisories/29205

Broken Link

http://security.gentoo.org/glsa/glsa-200803-01.xml

Third Party Advisory

http://secunia.com/advisories/30840

Broken Link

http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1

Broken Link