Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5663

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2007-5663
Last Modified 07 Mar 2011 10:01:06
Published 12 Feb 2008 02:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5663

Summary

Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655.

Vulnerable Systems

Application

  • Adobe Acrobat 8.1.1

  • Adobe Acrobat Reader 8.1.1


References

CERT-VN - VU#140129

CERT - TA08-043A

CONFIRM - http://www.adobe.com/support/security/advisories/apsa08-01.html

VUPEN - ADV-2008-1966

SUNALERT - 239286

SECUNIA - 30840

IDEFENSE - 20080208 Adobe Reader and Acrobat JavaScript Insecure Method Exposure Vulnerability

REDHAT - RHSA-2008:0144

CONFIRM - http://www.adobe.com/support/security/bulletins/apsb08-13.html

GENTOO - GLSA-200803-01

SECUNIA - 29205

SECUNIA - 29065

Related Patches

Adobe Acrobat 7.1.0 Update for Mac

Adobe Acrobat 8.1.2 Update for Mac

Adobe Reader 8.1.2 Update for Macintosh (PPC) (Rev 2)

Adobe Reader 8.1.2 Update (See Note) (Rev 6)


Last Updated: 27 May 2016 10:46:14