Lucene search

SAINT CorporationSAINT:22459163D2571D998ED9A70773F75624

HistoryNov 13, 2008 - 12:00 a.m.

Adobe Acrobat and Reader JavaScript buffer overflow

2008-11-1300:00:00

SAINT Corporation

download.saintcorporation.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.972 High

EPSS

Percentile

99.8%

JSON

Added: 11/13/2008
CVE: CVE-2007-5659
BID: 27641
OSVDB: 41495

Background

Adobe Acrobat is software for creating PDF documents. Adobe Reader is free software for viewing PDF documents.

Problem

Buffer overflow vulnerabilities in several JavaScript functions allow command execution when a user loads a PDF file which calls one of the affected functions with a long, specially crafted argument.

Resolution

Upgrade to Adobe Reader or Adobe Acrobat 8.1.2 or higher.

References

<http://www.adobe.com/support/security/bulletins/apsb08-13.html>
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=657>

Limitations

Exploit works on Adobe Acrobat 8.0 and Adobe Reader 8.1.1 and requires a user to open the exploit file using the affected application.

Platforms

Windows

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.972 High

EPSS

Percentile

99.8%

JSON

Related for SAINT:22459163D2571D998ED9A70773F75624