CVE-2008-2992

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-2992
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://download.oracle.com/sunalerts/1019937.1.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html Mailing List Third Party Advisory
http://osvdb.org/49520 Broken Link
http://secunia.com/advisories/29773 Broken Link Vendor Advisory
http://secunia.com/advisories/32700 Broken Link Vendor Advisory
http://secunia.com/advisories/32872 Broken Link Vendor Advisory
http://secunia.com/advisories/35163 Broken Link Vendor Advisory
http://secunia.com/secunia_research/2008-14/ Broken Link Vendor Advisory
http://securityreason.com/securityalert/4549 Broken Link Exploit
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801 Broken Link
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=909609 Broken Link
http://www.adobe.com/support/security/bulletins/apsb08-19.html Broken Link Patch Vendor Advisory
http://www.coresecurity.com/content/adobe-reader-buffer-overflow Third Party Advisory
http://www.kb.cert.org/vuls/id/593409 Third Party Advisory US Government Resource
http://www.redhat.com/support/errata/RHSA-2008-0974.html Broken Link Patch
http://www.securityfocus.com/archive/1/498027/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/498032/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/498055/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/30035 Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/32091 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1021140 Broken Link Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA08-309A.html Broken Link Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2008/3001 Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2009/0098 Broken Link Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-072/ Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/6994 Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/7006 Exploit Third Party Advisory VDB Entry
http://download.oracle.com/sunalerts/1019937.1.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html Mailing List Third Party Advisory
http://osvdb.org/49520 Broken Link
http://secunia.com/advisories/29773 Broken Link Vendor Advisory
http://secunia.com/advisories/32700 Broken Link Vendor Advisory
http://secunia.com/advisories/32872 Broken Link Vendor Advisory
http://secunia.com/advisories/35163 Broken Link Vendor Advisory
http://secunia.com/secunia_research/2008-14/ Broken Link Vendor Advisory
http://securityreason.com/securityalert/4549 Broken Link Exploit
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801 Broken Link
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=909609 Broken Link
http://www.adobe.com/support/security/bulletins/apsb08-19.html Broken Link Patch Vendor Advisory
http://www.coresecurity.com/content/adobe-reader-buffer-overflow Third Party Advisory
http://www.kb.cert.org/vuls/id/593409 Third Party Advisory US Government Resource
http://www.redhat.com/support/errata/RHSA-2008-0974.html Broken Link Patch
http://www.securityfocus.com/archive/1/498027/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/498032/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/498055/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/30035 Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/32091 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1021140 Broken Link Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA08-309A.html Broken Link Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2008/3001 Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2009/0098 Broken Link Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-072/ Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/6994 Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/7006 Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
History

21 Nov 2024, 00:48

Type Values Removed Values Added
References () http://download.oracle.com/sunalerts/1019937.1.html - Third Party Advisory () http://download.oracle.com/sunalerts/1019937.1.html - Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html - Mailing List, Third Party Advisory
References () http://osvdb.org/49520 - Broken Link () http://osvdb.org/49520 - Broken Link
References () http://secunia.com/advisories/29773 - Broken Link, Vendor Advisory () http://secunia.com/advisories/29773 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/32700 - Broken Link, Vendor Advisory () http://secunia.com/advisories/32700 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/32872 - Broken Link, Vendor Advisory () http://secunia.com/advisories/32872 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/35163 - Broken Link, Vendor Advisory () http://secunia.com/advisories/35163 - Broken Link, Vendor Advisory
References () http://secunia.com/secunia_research/2008-14/ - Broken Link, Vendor Advisory () http://secunia.com/secunia_research/2008-14/ - Broken Link, Vendor Advisory
References () http://securityreason.com/securityalert/4549 - Broken Link, Exploit () http://securityreason.com/securityalert/4549 - Broken Link, Exploit
References () http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801 - Broken Link () http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801 - Broken Link
References () http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=909609 - Broken Link () http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=909609 - Broken Link
References () http://www.adobe.com/support/security/bulletins/apsb08-19.html - Broken Link, Patch, Vendor Advisory () http://www.adobe.com/support/security/bulletins/apsb08-19.html - Broken Link, Patch, Vendor Advisory
References () http://www.coresecurity.com/content/adobe-reader-buffer-overflow - Third Party Advisory () http://www.coresecurity.com/content/adobe-reader-buffer-overflow - Third Party Advisory
References () http://www.kb.cert.org/vuls/id/593409 - Third Party Advisory, US Government Resource () http://www.kb.cert.org/vuls/id/593409 - Third Party Advisory, US Government Resource
References () http://www.redhat.com/support/errata/RHSA-2008-0974.html - Broken Link, Patch () http://www.redhat.com/support/errata/RHSA-2008-0974.html - Broken Link, Patch
References () http://www.securityfocus.com/archive/1/498027/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/498027/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/archive/1/498032/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/498032/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/archive/1/498055/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/498055/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/30035 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/30035 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/32091 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/32091 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id?1021140 - Broken Link, Third Party Advisory, VDB Entry () http://www.securitytracker.com/id?1021140 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.us-cert.gov/cas/techalerts/TA08-309A.html - Broken Link, Third Party Advisory, US Government Resource () http://www.us-cert.gov/cas/techalerts/TA08-309A.html - Broken Link, Third Party Advisory, US Government Resource
References () http://www.vupen.com/english/advisories/2008/3001 - Broken Link, Vendor Advisory () http://www.vupen.com/english/advisories/2008/3001 - Broken Link, Vendor Advisory
References () http://www.vupen.com/english/advisories/2009/0098 - Broken Link, Vendor Advisory () http://www.vupen.com/english/advisories/2009/0098 - Broken Link, Vendor Advisory
References () http://www.zerodayinitiative.com/advisories/ZDI-08-072/ - Third Party Advisory, VDB Entry () http://www.zerodayinitiative.com/advisories/ZDI-08-072/ - Third Party Advisory, VDB Entry
References () https://www.exploit-db.com/exploits/6994 - Third Party Advisory, VDB Entry () https://www.exploit-db.com/exploits/6994 - Third Party Advisory, VDB Entry
References () https://www.exploit-db.com/exploits/7006 - Exploit, Third Party Advisory, VDB Entry () https://www.exploit-db.com/exploits/7006 - Exploit, Third Party Advisory, VDB Entry

16 Jul 2024, 17:41

Type Values Removed Values Added
First Time Oracle
Oracle solaris
CWE CWE-119 CWE-787
CPE cpe:2.3:a:adobe:acrobat:5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:4.0.5a:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:4.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:4.0.5c:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:4.5:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:5.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:5.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:3.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:5.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:4.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:6.0.5:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:6.0.5:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:3.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:4.0.5a:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:7.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:4.0.5c:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:7.0.9:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:7.0.9:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:6.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:3.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:5.0.11:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*		 cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
CVSS v2 : 9.3
v3 : unknown 		v2 : 9.3
v3 : 7.8
References () http://download.oracle.com/sunalerts/1019937.1.html - () http://download.oracle.com/sunalerts/1019937.1.html - Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html - () http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html - Mailing List, Third Party Advisory
References () http://osvdb.org/49520 - () http://osvdb.org/49520 - Broken Link
References () http://secunia.com/advisories/29773 - Vendor Advisory () http://secunia.com/advisories/29773 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/32700 - Vendor Advisory () http://secunia.com/advisories/32700 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/32872 - Vendor Advisory () http://secunia.com/advisories/32872 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/35163 - Vendor Advisory () http://secunia.com/advisories/35163 - Broken Link, Vendor Advisory
References () http://secunia.com/secunia_research/2008-14/ - Vendor Advisory () http://secunia.com/secunia_research/2008-14/ - Broken Link, Vendor Advisory
References () http://securityreason.com/securityalert/4549 - Exploit () http://securityreason.com/securityalert/4549 - Broken Link, Exploit
References () http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801 - () http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801 - Broken Link
References () http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=909609 - () http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=909609 - Broken Link
References () http://www.adobe.com/support/security/bulletins/apsb08-19.html - Patch, Vendor Advisory () http://www.adobe.com/support/security/bulletins/apsb08-19.html - Broken Link, Patch, Vendor Advisory
References () http://www.coresecurity.com/content/adobe-reader-buffer-overflow - () http://www.coresecurity.com/content/adobe-reader-buffer-overflow - Third Party Advisory
References () http://www.kb.cert.org/vuls/id/593409 - US Government Resource () http://www.kb.cert.org/vuls/id/593409 - Third Party Advisory, US Government Resource
References () http://www.redhat.com/support/errata/RHSA-2008-0974.html - Patch () http://www.redhat.com/support/errata/RHSA-2008-0974.html - Broken Link, Patch
References () http://www.securityfocus.com/archive/1/498027/100/0/threaded - () http://www.securityfocus.com/archive/1/498027/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/archive/1/498032/100/0/threaded - () http://www.securityfocus.com/archive/1/498032/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/archive/1/498055/100/0/threaded - () http://www.securityfocus.com/archive/1/498055/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/30035 - () http://www.securityfocus.com/bid/30035 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/32091 - () http://www.securityfocus.com/bid/32091 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id?1021140 - () http://www.securitytracker.com/id?1021140 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.us-cert.gov/cas/techalerts/TA08-309A.html - US Government Resource () http://www.us-cert.gov/cas/techalerts/TA08-309A.html - Broken Link, Third Party Advisory, US Government Resource
References () http://www.vupen.com/english/advisories/2008/3001 - Vendor Advisory () http://www.vupen.com/english/advisories/2008/3001 - Broken Link, Vendor Advisory
References () http://www.vupen.com/english/advisories/2009/0098 - Vendor Advisory () http://www.vupen.com/english/advisories/2009/0098 - Broken Link, Vendor Advisory
References () http://www.zerodayinitiative.com/advisories/ZDI-08-072/ - () http://www.zerodayinitiative.com/advisories/ZDI-08-072/ - Third Party Advisory, VDB Entry
References () https://www.exploit-db.com/exploits/6994 - () https://www.exploit-db.com/exploits/6994 - Third Party Advisory, VDB Entry
References () https://www.exploit-db.com/exploits/7006 - () https://www.exploit-db.com/exploits/7006 - Exploit, Third Party Advisory, VDB Entry
Information

Published : 2008-11-04 18:29

Updated : 2024-11-21 00:48

NVD link : CVE-2008-2992

Mitre link : CVE-2008-2992

CVE.ORG link : CVE-2008-2992

JSON object : View

Products Affected

adobe

  • acrobat_reader
  • acrobat

oracle

  • solaris
CWE
CWE-787

Out-of-bounds Write


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024