Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2992

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-2992
Last Modified 27 Aug 2013 02:03:01
Published 04 Nov 2008 01:29:47
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2992

Summary

Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.

Vulnerable Systems

Application

  • Adobe Acrobat 3.0

  • Adobe Acrobat 3.1

  • Adobe Acrobat 4.0

  • Adobe Acrobat 4.0.5

  • Adobe Acrobat 4.0.5a

  • Adobe Acrobat 4.0.5c

  • Adobe Acrobat 5.0

  • Adobe Acrobat 5.0.10

  • Adobe Acrobat 5.0.5

  • Adobe Acrobat 5.0.6

  • Adobe Acrobat 6.0

  • Adobe Acrobat 6.0.1

  • Adobe Acrobat 6.0.2

  • Adobe Acrobat 6.0.3

  • Adobe Acrobat 6.0.4

  • Adobe Acrobat 6.0.5

  • Adobe Acrobat 7.0

  • Adobe Acrobat 7.0.1

  • Adobe Acrobat 7.0.2

  • Adobe Acrobat 7.0.3

  • Adobe Acrobat 7.0.4

  • Adobe Acrobat 7.0.5

  • Adobe Acrobat 7.0.6

  • Adobe Acrobat 7.0.7

  • Adobe Acrobat 7.0.8

  • Adobe Acrobat 7.0.9

  • Adobe Acrobat 8.0.0

  • Adobe Acrobat 8.1

  • Adobe Acrobat 8.1.1

  • Adobe Acrobat 8.1.2

  • Adobe Acrobat Reader 3.0

  • Adobe Acrobat Reader 4.0

  • Adobe Acrobat Reader 4.0.5

  • Adobe Acrobat Reader 4.0.5a

  • Adobe Acrobat Reader 4.0.5c

  • Adobe Acrobat Reader 4.5

  • Adobe Acrobat Reader 5.0

  • Adobe Acrobat Reader 5.0.10

  • Adobe Acrobat Reader 5.0.11

  • Adobe Acrobat Reader 5.0.5

  • Adobe Acrobat Reader 5.0.6

  • Adobe Acrobat Reader 5.0.7

  • Adobe Acrobat Reader 5.0.9

  • Adobe Acrobat Reader 5.1

  • Adobe Acrobat Reader 6.0

  • Adobe Acrobat Reader 6.0.1

  • Adobe Acrobat Reader 6.0.2

  • Adobe Acrobat Reader 6.0.3

  • Adobe Acrobat Reader 6.0.4

  • Adobe Acrobat Reader 6.0.5

  • Adobe Acrobat Reader 7.0

  • Adobe Acrobat Reader 7.0.1

  • Adobe Acrobat Reader 7.0.2

  • Adobe Acrobat Reader 7.0.3

  • Adobe Acrobat Reader 7.0.4

  • Adobe Acrobat Reader 7.0.5

  • Adobe Acrobat Reader 7.0.6

  • Adobe Acrobat Reader 7.0.7

  • Adobe Acrobat Reader 7.0.8

  • Adobe Acrobat Reader 7.0.9

  • Adobe Acrobat Reader 8.0

  • Adobe Acrobat Reader 8.1

  • Adobe Acrobat Reader 8.1.1

  • Adobe Acrobat Reader 8.1.2


References

CERT - TA08-309A

CERT-VN - VU#593409

REDHAT - RHSA-2008:0974

CONFIRM - http://www.adobe.com/support/security/bulletins/apsb08-19.html

MISC - http://www.zerodayinitiative.com/advisories/ZDI-08-072/

VUPEN - ADV-2009-0098

VUPEN - ADV-2008-3001

BID - 32091

BID - 30035

BUGTRAQ - 20081104 ZDI-08-072: Adobe Acrobat PDF Javascript printf Stack Overflow Vulnerability

BUGTRAQ - 20081104 CORE-2008-0526: Adobe Reader Javascript Printf Buffer Overflow

BUGTRAQ - 20081104 Secunia Research: Adobe Acrobat/Reader

MILW0RM - 7006

MILW0RM - 6994

MISC - http://www.coresecurity.com/content/adobe-reader-buffer-overflow

CONFIRM - http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=909609

CONFIRM - http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801

SREASON - 4549

MISC - http://secunia.com/secunia_research/2008-14/

SECUNIA - 35163

SECUNIA - 32872

SECUNIA - 32700

SECUNIA - 29773

OSVDB - 49520

SUSE - SUSE-SR:2008:026

SECTRACK - 1021140

SUNALERT - 249366

BUGTRAQ - 20081104 Secunia Research: Adobe Acrobat/Reader "util.printf()" Buffer Overflow

Related Patches

Adobe Acrobat 8.1.3 Update for Mac

Adobe Reader 8.1.3 Update for Macintosh (PPC)

Adobe Reader 8.1.3 Update for Windows (Rev 2)


Last Updated: 27 May 2016 10:47:14