CVE-2008-2992
Adobe Reader and Acrobat Input Validation Vulnerability
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
5
*Multiple Sources
Exploited in Wild
Yes
*KEV
Decision
-
*SSVC
Descriptions
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.
Un desbordamiento de búfer en la región stack de la memoria en Adobe Acrobat y Reader versión 8.1.2 y anteriores, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo PDF que llama a la función JavaScript util.printf con un argumento de cadena de formato creado, un problema relacionado con el CVE-2008-1104.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists in the handling of embedded Javascript code when opening a PDF. Adobe Acrobat has defined it's own set of Javascript functions that can be used in a PDF file. Due to improper parameter checking to one of these functions arbitrary memory can be over-written leading to remote code execution. If successfully exploited remote control of the target system can be gained with the credentials of the logged in user.
Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution.
*Credits:
Peter Vreugdenhil
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-07-02 CVE Reserved
- 2008-11-04 CVE Published
- 2010-05-03 First Exploit
- 2022-03-03 Exploited in Wild
- 2022-03-24 KEV Due Date
- 2024-08-07 CVE Updated
- 2024-11-10 EPSS Updated
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (31)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/49520 | Vdb Entry | |
| http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801 | X_refsource_confirm | |
| http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=909609 | X_refsource_confirm | |
| http://www.coresecurity.com/content/adobe-reader-buffer-overflow | X_refsource_misc | |
| http://www.kb.cert.org/vuls/id/593409 | Third Party Advisory |
|
| http://www.securityfocus.com/archive/1/498027/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/498032/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/498055/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/30035 | Vdb Entry | |
| http://www.securityfocus.com/bid/32091 | Vdb Entry | |
| http://www.securitytracker.com/id?1021140 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA08-309A.html | Third Party Advisory | |
| http://www.zerodayinitiative.com/advisories/ZDI-08-072 | X_refsource_misc |
|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/16504 | 2010-05-03 | |
| https://www.exploit-db.com/exploits/16624 | 2010-09-25 | |
| https://www.exploit-db.com/exploits/6994 | 2024-08-07 | |
| https://www.exploit-db.com/exploits/7006 | 2024-08-07 | |
| http://securityreason.com/securityalert/4549 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://www.adobe.com/support/security/bulletins/apsb08-19.html | 2018-10-30 | |
| http://www.redhat.com/support/errata/RHSA-2008-0974.html | 2018-10-30 |
| URL | Date | SRC |
|---|---|---|
| http://download.oracle.com/sunalerts/1019937.1.html | 2018-10-30 | |
| http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html | 2018-10-30 | |
| http://secunia.com/advisories/29773 | 2018-10-30 | |
| http://secunia.com/advisories/32700 | 2018-10-30 | |
| http://secunia.com/advisories/32872 | 2018-10-30 | |
| http://secunia.com/advisories/35163 | 2018-10-30 | |
| http://secunia.com/secunia_research/2008-14 | 2018-10-30 | |
| http://www.vupen.com/english/advisories/2008/3001 | 2018-10-30 | |
| http://www.vupen.com/english/advisories/2009/0098 | 2018-10-30 | |
| https://access.redhat.com/security/cve/CVE-2008-2992 | 2008-11-12 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=469877 | 2008-11-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | <= 8.1.2 Search vendor "Adobe" for product "Acrobat" and version " <= 8.1.2" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 3.0 Search vendor "Adobe" for product "Acrobat" and version "3.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 3.1 Search vendor "Adobe" for product "Acrobat" and version "3.1" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 4.0 Search vendor "Adobe" for product "Acrobat" and version "4.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 4.0.5 Search vendor "Adobe" for product "Acrobat" and version "4.0.5" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 4.0.5a Search vendor "Adobe" for product "Acrobat" and version "4.0.5a" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 4.0.5c Search vendor "Adobe" for product "Acrobat" and version "4.0.5c" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 5.0 Search vendor "Adobe" for product "Acrobat" and version "5.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 5.0.5 Search vendor "Adobe" for product "Acrobat" and version "5.0.5" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 5.0.6 Search vendor "Adobe" for product "Acrobat" and version "5.0.6" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 5.0.10 Search vendor "Adobe" for product "Acrobat" and version "5.0.10" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 6.0 Search vendor "Adobe" for product "Acrobat" and version "6.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 6.0.1 Search vendor "Adobe" for product "Acrobat" and version "6.0.1" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 6.0.2 Search vendor "Adobe" for product "Acrobat" and version "6.0.2" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 6.0.3 Search vendor "Adobe" for product "Acrobat" and version "6.0.3" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 6.0.4 Search vendor "Adobe" for product "Acrobat" and version "6.0.4" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 6.0.5 Search vendor "Adobe" for product "Acrobat" and version "6.0.5" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0 Search vendor "Adobe" for product "Acrobat" and version "7.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.1 Search vendor "Adobe" for product "Acrobat" and version "7.0.1" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.2 Search vendor "Adobe" for product "Acrobat" and version "7.0.2" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.3 Search vendor "Adobe" for product "Acrobat" and version "7.0.3" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.4 Search vendor "Adobe" for product "Acrobat" and version "7.0.4" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.5 Search vendor "Adobe" for product "Acrobat" and version "7.0.5" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.6 Search vendor "Adobe" for product "Acrobat" and version "7.0.6" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.7 Search vendor "Adobe" for product "Acrobat" and version "7.0.7" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.8 Search vendor "Adobe" for product "Acrobat" and version "7.0.8" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.9 Search vendor "Adobe" for product "Acrobat" and version "7.0.9" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 8.0 Search vendor "Adobe" for product "Acrobat" and version "8.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 8.1 Search vendor "Adobe" for product "Acrobat" and version "8.1" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 8.1.1 Search vendor "Adobe" for product "Acrobat" and version "8.1.1" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | <= 8.1.2 Search vendor "Adobe" for product "Acrobat Reader" and version " <= 8.1.2" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 3.0 Search vendor "Adobe" for product "Acrobat Reader" and version "3.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 4.0 Search vendor "Adobe" for product "Acrobat Reader" and version "4.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 4.0.5 Search vendor "Adobe" for product "Acrobat Reader" and version "4.0.5" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 4.0.5a Search vendor "Adobe" for product "Acrobat Reader" and version "4.0.5a" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 4.0.5c Search vendor "Adobe" for product "Acrobat Reader" and version "4.0.5c" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 4.5 Search vendor "Adobe" for product "Acrobat Reader" and version "4.5" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 5.0 Search vendor "Adobe" for product "Acrobat Reader" and version "5.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 5.0.5 Search vendor "Adobe" for product "Acrobat Reader" and version "5.0.5" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 5.0.6 Search vendor "Adobe" for product "Acrobat Reader" and version "5.0.6" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 5.0.7 Search vendor "Adobe" for product "Acrobat Reader" and version "5.0.7" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 5.0.9 Search vendor "Adobe" for product "Acrobat Reader" and version "5.0.9" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 5.0.10 Search vendor "Adobe" for product "Acrobat Reader" and version "5.0.10" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 5.0.11 Search vendor "Adobe" for product "Acrobat Reader" and version "5.0.11" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 5.1 Search vendor "Adobe" for product "Acrobat Reader" and version "5.1" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 6.0 Search vendor "Adobe" for product "Acrobat Reader" and version "6.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 6.0.1 Search vendor "Adobe" for product "Acrobat Reader" and version "6.0.1" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 6.0.2 Search vendor "Adobe" for product "Acrobat Reader" and version "6.0.2" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 6.0.3 Search vendor "Adobe" for product "Acrobat Reader" and version "6.0.3" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 6.0.4 Search vendor "Adobe" for product "Acrobat Reader" and version "6.0.4" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 6.0.5 Search vendor "Adobe" for product "Acrobat Reader" and version "6.0.5" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.0 Search vendor "Adobe" for product "Acrobat Reader" and version "7.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.0.1 Search vendor "Adobe" for product "Acrobat Reader" and version "7.0.1" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.0.2 Search vendor "Adobe" for product "Acrobat Reader" and version "7.0.2" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.0.3 Search vendor "Adobe" for product "Acrobat Reader" and version "7.0.3" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.0.4 Search vendor "Adobe" for product "Acrobat Reader" and version "7.0.4" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.0.5 Search vendor "Adobe" for product "Acrobat Reader" and version "7.0.5" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.0.6 Search vendor "Adobe" for product "Acrobat Reader" and version "7.0.6" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.0.7 Search vendor "Adobe" for product "Acrobat Reader" and version "7.0.7" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.0.8 Search vendor "Adobe" for product "Acrobat Reader" and version "7.0.8" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.0.9 Search vendor "Adobe" for product "Acrobat Reader" and version "7.0.9" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 8.0 Search vendor "Adobe" for product "Acrobat Reader" and version "8.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 8.1 Search vendor "Adobe" for product "Acrobat Reader" and version "8.1" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 8.1.1 Search vendor "Adobe" for product "Acrobat Reader" and version "8.1.1" | - |
Affected
| ||||||