9.3

CVE-2008-2042

The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback function.

Data is provided by the National Vulnerability Database (NVD)
AdobeAcrobat Version <= 8.1.1
AdobeAcrobat Version3.0
AdobeAcrobat Version3.1
AdobeAcrobat Version4.0
AdobeAcrobat Version4.0.5
AdobeAcrobat Version4.0.5a
AdobeAcrobat Version4.0.5c
AdobeAcrobat Version5.0
AdobeAcrobat Version5.0.5
AdobeAcrobat Version5.0.6
AdobeAcrobat Version5.0.10
AdobeAcrobat Version6.0
AdobeAcrobat Version6.0.1
AdobeAcrobat Version6.0.2
AdobeAcrobat Version6.0.3
AdobeAcrobat Version6.0.4
AdobeAcrobat Version6.0.5
AdobeAcrobat Version6.0.6
AdobeAcrobat Version7.0
AdobeAcrobat Version7.0.1
AdobeAcrobat Version7.0.2
AdobeAcrobat Version7.0.3
AdobeAcrobat Version7.0.4
AdobeAcrobat Version7.0.5
AdobeAcrobat Version7.0.6
AdobeAcrobat Version7.0.7
AdobeAcrobat Version7.0.8
AdobeAcrobat Version7.0.9
AdobeAcrobat Version7.1.0
AdobeAcrobat Version7.1.1
AdobeAcrobat Version7.1.2
AdobeAcrobat Version7.1.3
AdobeAcrobat Version7.1.4
AdobeAcrobat Version8.0
AdobeAcrobat Version8.1
AdobeAcrobat Reader Version <= 8.1.1
AdobeAcrobat Reader Version3.0
AdobeAcrobat Reader Version3.01
AdobeAcrobat Reader Version3.02
AdobeAcrobat Reader Version4.0
AdobeAcrobat Reader Version4.0.5
AdobeAcrobat Reader Version4.0.5a
AdobeAcrobat Reader Version4.0.5c
AdobeAcrobat Reader Version4.5
AdobeAcrobat Reader Version5.0
AdobeAcrobat Reader Version5.0.5
AdobeAcrobat Reader Version5.0.6
AdobeAcrobat Reader Version5.0.7
AdobeAcrobat Reader Version5.0.9
AdobeAcrobat Reader Version5.0.10
AdobeAcrobat Reader Version5.0.11
AdobeAcrobat Reader Version5.1
AdobeAcrobat Reader Version6.0
AdobeAcrobat Reader Version6.0.1
AdobeAcrobat Reader Version6.0.2
AdobeAcrobat Reader Version6.0.3
AdobeAcrobat Reader Version6.0.4
AdobeAcrobat Reader Version6.0.5
AdobeAcrobat Reader Version6.0.6
AdobeAcrobat Reader Version7.0
AdobeAcrobat Reader Version7.0.1
AdobeAcrobat Reader Version7.0.2
AdobeAcrobat Reader Version7.0.3
AdobeAcrobat Reader Version7.0.4
AdobeAcrobat Reader Version7.0.5
AdobeAcrobat Reader Version7.0.6
AdobeAcrobat Reader Version7.0.7
AdobeAcrobat Reader Version7.0.8
AdobeAcrobat Reader Version7.0.9
AdobeAcrobat Reader Version7.1.0
AdobeAcrobat Reader Version7.1.1
AdobeAcrobat Reader Version7.1.2
AdobeAcrobat Reader Version7.1.3
AdobeAcrobat Reader Version7.1.4
AdobeAcrobat Reader Version8.0
AdobeAcrobat Reader Version8.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 4.48% 0.886
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.