CVE-2008-5409

BitDefender - Module pdf.xmd Infinite Loop Denial of Service (PoC)

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Free Edition 10 and Antivirus Standard 10, (2) BullGuard Internet Security 8.5, and (3) Software602 Groupware Server 6.0.08.1118 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, possibly related to included compressed streams that were processed with the ASCIIHexDecode filter. NOTE: some of these details are obtained from third party information.

Vulnerabilidad sin especificar en el módulo pdf.xmd en (1) BitDefender Free Edition 10 y Antivirus Standard 10, (2) BullGuard Internet Security v8.5, y (3) Software602 Groupware Server v6.0.08.1118, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código de su elección a través de un archivo PDF manipulado, seguramente relacionado con la inclusión de flujos comprimidos que son procesados con el filtro ASCIIHexDecode. NOTA: algunos de éstos detalles han sido obtenidos a partir de terceros.

*Credits: N/A

CVSS Scores

NISTv2 9.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-12-08 CVE Reserved
2008-12-09 CVE Published
2023-03-14 EPSS Updated
2024-08-07 CVE Updated
2024-08-07 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (10)

URL	Tag	Source
http://milw0rm.com/sploits/2008-BitDefenderDOS.zip	X_refsource_misc
http://osvdb.org/50010	Vdb Entry
http://osvdb.org/50103	Vdb Entry
http://osvdb.org/50205	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/46750	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/7178	2024-08-07
http://www.securityfocus.com/bid/32396	2024-08-07

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/27805	2017-10-19
http://secunia.com/advisories/32789	2017-10-19
http://secunia.com/advisories/32814	2017-10-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Bitdefender Search vendor "Bitdefender"		Antivirus Search vendor "Bitdefender" for product "Antivirus"				10 Search vendor "Bitdefender" for product "Antivirus" and version "10"		_nil_, standard		Affected
Bitdefender Search vendor "Bitdefender"		Bitdefender Search vendor "Bitdefender" for product "Bitdefender"				10 Search vendor "Bitdefender" for product "Bitdefender" and version "10"		_nil_, free_edition		Affected
Bullguard Search vendor "Bullguard"		Internet Security Search vendor "Bullguard" for product "Internet Security"				8.5 Search vendor "Bullguard" for product "Internet Security" and version "8.5"		-		Affected
Software602 Search vendor "Software602"		Groupware Server Search vendor "Software602" for product "Groupware Server"				6.0.08.1118 Search vendor "Software602" for product "Groupware Server" and version "6.0.08.1118"		-		Affected