CVE-2008-0726 - OpenCVE

Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Adobe	Acrobat Reader Acrobat

Configuration 1 [-]

OR	cpe:2.3:a:adobe:acrobat::::::::
	cpe:2.3:a:adobe:acrobat_reader::::::::

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00007.html
http://secunia.com/advisories/28983	Vendor Advisory
http://secunia.com/advisories/29065	Vendor Advisory
http://secunia.com/advisories/29205
http://secunia.com/advisories/30840
http://security.gentoo.org/glsa/glsa-200803-01.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1
http://www.adobe.com/support/security/advisories/apsa08-01.html	Patch
http://www.adobe.com/support/security/bulletins/apsb08-13.html
http://www.redhat.com/support/errata/RHSA-2008-0144.html
http://www.securityfocus.com/archive/1/488000/100/0/threaded
http://www.vupen.com/english/advisories/2008/1966/references
http://www.zerodayinitiative.com/advisories/ZDI-08-004.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10957

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-02-12T19:00:00

Updated: 2018-10-15T20:57:01

Reserved: 2008-02-11T00:00:00

Link: CVE-2008-0726

JSON object: View

NVD Information

Status : Modified

Published: 2008-02-12T20:00:00.000

Modified: 2018-10-15T22:02:42.040

Link: CVE-2008-0726

JSON object: View

Redhat Information

No data.

CWE

CWE-189

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-02-08T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "SUSE-SA:2008:009", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00007.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.adobe.com/support/security/bulletins/apsb08-13.html"}, {"name": "ADV-2008-1966", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1966/references"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.adobe.com/support/security/advisories/apsa08-01.html"}, {"name": "28983", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28983"}, {"name": "239286", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1"}, {"name": "20080211 ZDI-08-004: Adobe AcrobatReader Javascript for PDF Integer Overflow Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/488000/100/0/threaded"}, {"name": "GLSA-200803-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200803-01.xml"}, {"name": "29065", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29065"}, {"name": "30840", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30840"}, {"name": "29205", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29205"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-004.html"}, {"name": "oval:org.mitre.oval:def:10957", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10957"}, {"name": "RHSA-2008:0144", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0144.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0726", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SUSE-SA:2008:009", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00007.html"}, {"name": "http://www.adobe.com/support/security/bulletins/apsb08-13.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb08-13.html"}, {"name": "ADV-2008-1966", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1966/references"}, {"name": "http://www.adobe.com/support/security/advisories/apsa08-01.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/advisories/apsa08-01.html"}, {"name": "28983", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28983"}, {"name": "239286", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1"}, {"name": "20080211 ZDI-08-004: Adobe AcrobatReader Javascript for PDF Integer Overflow Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/488000/100/0/threaded"}, {"name": "GLSA-200803-01", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200803-01.xml"}, {"name": "29065", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29065"}, {"name": "30840", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30840"}, {"name": "29205", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29205"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-004.html", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-004.html"}, {"name": "oval:org.mitre.oval:def:10957", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10957"}, {"name": "RHSA-2008:0144", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0144.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0726", "datePublished": "2008-02-12T19:00:00", "dateReserved": "2008-02-11T00:00:00", "dateUpdated": "2018-10-15T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A068220-ADFE-46F0-AE35-3355BEFEECD9", "versionEndIncluding": "8.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*", "matchCriteriaId": "82321E60-2553-41E2-A4F4-375CFF011C0A", "versionEndIncluding": "8.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption."}, {"lang": "es", "value": "Desbordamiento de tipo integer en Adobe Reader y Acrobat 8.1.1 y anteriores. Permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de argumentos manipulados a los printSepsWithParams, lo que dispara corrupci\u00f3n de memoria."}], "id": "CVE-2008-0726", "lastModified": "2018-10-15T22:02:42.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-02-12T20:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00007.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28983"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29065"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29205"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/30840"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200803-01.xml"}, {"source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.adobe.com/support/security/advisories/apsa08-01.html"}, {"source": "cve@mitre.org", "url": "http://www.adobe.com/support/security/bulletins/apsb08-13.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2008-0144.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/488000/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1966/references"}, {"source": "cve@mitre.org", "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-004.html"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10957"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}