CVE-2007-5659

Adobe Acrobat and Reader Buffer Overflow Vulnerability

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

*SSVC

Descriptions

Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655.

Múltiples desbordamientos de búfer en Adobe Reader and Acrobat 8.1.1 y anteriores permiten a atacantes remotos ejecutar código de su elección a través de ficheros PDF con argumentos largos de métodos no especificados de JavaScript.
NOTA: esta cuestión podría ser subsumida por CVE-2008-0655.

Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-10-23 CVE Reserved
2008-02-06 First Exploit
2008-02-11 CVE Published
2022-06-08 Exploited in Wild
2022-06-22 KEV Due Date
2024-07-16 EPSS Updated
2024-08-07 CVE Updated

CWE

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CAPEC

References (17)

URL	Tag	Source
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=657	Broken Link
http://secunia.com/advisories/29065	Broken Link
http://secunia.com/advisories/29205	Broken Link
http://secunia.com/advisories/30840	Broken Link
http://www.kb.cert.org/vuls/id/666281	Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA08-043A.html	Broken Link
http://www.vupen.com/english/advisories/2008/1966/references	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9813	Broken Link

URL	Date	SRC
https://www.exploit-db.com/exploits/31114	2008-02-06
https://www.exploit-db.com/exploits/16674	2010-09-25

URL	Date	SRC

URL	Date	SRC
http://security.gentoo.org/glsa/glsa-200803-01.xml	2024-06-28
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1	2024-06-28
http://www.adobe.com/support/security/advisories/apsa08-01.html	2024-06-28
http://www.adobe.com/support/security/bulletins/apsb08-13.html	2024-06-28
http://www.redhat.com/support/errata/RHSA-2008-0144.html	2024-06-28
https://access.redhat.com/security/cve/CVE-2007-5659	2008-02-22
https://bugzilla.redhat.com/show_bug.cgi?id=432629	2008-02-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Adobe Search vendor "Adobe"		Acrobat Search vendor "Adobe" for product "Acrobat"				< 8.1.2 Search vendor "Adobe" for product "Acrobat" and version " < 8.1.2"		-		Affected
Adobe Search vendor "Adobe"		Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader"				< 8.1.2 Search vendor "Adobe" for product "Acrobat Reader" and version " < 8.1.2"		-		Affected