CVE-2008-2992

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.

References

http://download.oracle.com/sunalerts/1019937.1.html

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html

http://osvdb.org/49520

http://secunia.com/advisories/29773

http://secunia.com/advisories/32700

http://secunia.com/advisories/32872

http://secunia.com/advisories/35163

http://secunia.com/secunia_research/2008-14/

http://securityreason.com/securityalert/4549

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=909609

http://www.adobe.com/support/security/bulletins/apsb08-19.html

http://www.coresecurity.com/content/adobe-reader-buffer-overflow

http://www.kb.cert.org/vuls/id/593409

http://www.redhat.com/support/errata/RHSA-2008-0974.html

http://www.securityfocus.com/archive/1/498027/100/0/threaded

http://www.securityfocus.com/archive/1/498032/100/0/threaded

http://www.securityfocus.com/archive/1/498055/100/0/threaded

http://www.securityfocus.com/bid/30035

http://www.securityfocus.com/bid/32091

http://www.securitytracker.com/id?1021140

http://www.us-cert.gov/cas/techalerts/TA08-309A.html

http://www.vupen.com/english/advisories/2008/3001

http://www.vupen.com/english/advisories/2009/0098

http://www.zerodayinitiative.com/advisories/ZDI-08-072/

https://www.exploit-db.com/exploits/6994

https://www.exploit-db.com/exploits/7006

Details

Source: MITRE

Published: 2008-11-04

Updated: 2018-10-30

Type: CWE-119

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:adobe:acrobat:3.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:3.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:4.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:4.0.5a:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:4.0.5c:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:5.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:5.0.6:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:5.0.10:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:6.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:6.0.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:6.0.4:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:6.0.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.4:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.6:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.7:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.8:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.9:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:* versions up to 8.1.2 (inclusive)

cpe:2.3:a:adobe:acrobat_reader:3.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:4.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:4.0.5a:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:4.0.5c:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:4.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:5.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:5.0.6:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:5.0.7:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:5.0.9:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:5.0.10:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:5.0.11:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:5.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:6.0.4:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:6.0.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.9:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:* versions up to 8.1.2 (inclusive)

Tenable Plugins

View all (7 total)

IDNameProductFamilySeverity
40802Adobe Acrobat < 8.1.3 Multiple VulnerabilitiesNessusWindows
high
40730RHEL 3 / 4 / 5 : acroread (RHSA-2008:0974)NessusRed Hat Local Security Checks
high
39905openSUSE Security Update : acroread (acroread-295)NessusSuSE Local Security Checks
high
35367GLSA-200901-09 : Adobe Reader: User-assisted execution of arbitrary codeNessusGentoo Local Security Checks
high
34943openSUSE 10 Security Update : acroread (acroread-5749)NessusSuSE Local Security Checks
high
34942SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 5746)NessusSuSE Local Security Checks
high
34695Adobe Reader < 8.1.3 / 9.0 Multiple VulnerabilitiesNessusWindows
high