9.3

CVE-2008-2992

Warnung
Exploit
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeAcrobat Version <= 8.1.2
AdobeAcrobat Reader Version <= 8.1.2
OracleSolaris Version10

03.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Adobe Reader and Acrobat Input Validation Vulnerability

Schwachstelle

Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 98.48% 0.999
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
Third Party Advisory
Mailing List
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801
Broken Link
http://download.oracle.com/sunalerts/1019937.1.html
Third Party Advisory
http://secunia.com/advisories/32700
Vendor Advisory
Broken Link
http://secunia.com/advisories/32872
Vendor Advisory
Broken Link
http://secunia.com/advisories/35163
Vendor Advisory
Broken Link
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=909609
Broken Link
http://www.adobe.com/support/security/bulletins/apsb08-19.html
Patch
Vendor Advisory
Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0974.html
Patch
Broken Link
http://www.securitytracker.com/id?1021140
Third Party Advisory
Broken Link
VDB Entry
http://www.us-cert.gov/cas/techalerts/TA08-309A.html
Third Party Advisory
US Government Resource
Broken Link
http://www.vupen.com/english/advisories/2008/3001
Vendor Advisory
Broken Link
http://www.vupen.com/english/advisories/2009/0098
Vendor Advisory
Broken Link
http://osvdb.org/49520
Broken Link
http://secunia.com/advisories/29773
Vendor Advisory
Broken Link
http://secunia.com/secunia_research/2008-14/
Vendor Advisory
Broken Link
http://securityreason.com/securityalert/4549
Exploit
Broken Link
http://www.coresecurity.com/content/adobe-reader-buffer-overflow
Third Party Advisory
http://www.kb.cert.org/vuls/id/593409
Third Party Advisory
US Government Resource
http://www.securityfocus.com/archive/1/498027/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/archive/1/498032/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/archive/1/498055/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/30035
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/32091
Third Party Advisory
Broken Link
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-08-072/
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/6994
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/7006
Third Party Advisory
Exploit
VDB Entry
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2008-2992
US Government Resource