CVE-2008-4817

EPSS 17.07%
Veröffentlicht 05.11.2008 15:00:14
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 15

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Adobe ≫ Acrobat Updateunknown Edition3d Version <= 8.1.2

Adobe ≫ Download Manager

Adobe ≫ Acrobat Updateunknown Editionprofessional Version <= 8.1.2

Adobe ≫ Download Manager

Adobe ≫ Acrobat Updateunknown Editionstandard Version <= 8.1.2

Adobe ≫ Download Manager

Adobe ≫ Acrobat Version8.1.1

Adobe ≫ Download Manager

Adobe ≫ Acrobat Version8.1.1 Updateunknown Edition3d

Adobe ≫ Download Manager

Adobe ≫ Acrobat Version8.1.1 Updateunknown Editionprofessional

Adobe ≫ Download Manager

Adobe ≫ Acrobat Version8.1.1 Updateunknown Editionstandard

Adobe ≫ Download Manager

Adobe ≫ Acrobat Reader Version <= 8.0

Adobe ≫ Download Manager

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	17.07%	0.947

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html

http://download.oracle.com/sunalerts/1019937.1.html

http://secunia.com/advisories/32700

http://secunia.com/advisories/32872

http://www.adobe.com/support/security/bulletins/apsb08-19.html

Patch

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2008-0974.html

http://www.securitytracker.com/id?1021140

http://www.us-cert.gov/cas/techalerts/TA08-309A.html

US Government Resource

http://www.vupen.com/english/advisories/2008/3001