Executive Summary

Informations
NameCVE-2008-4812First vendor Publication2008-11-05
VendorCveLast vendor Modification2012-11-05

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4812

CWE : Common Weakness Enumeration

%idName
100 %CWE-20Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Application87
Application33

OpenVAS Exploits

DateDescription
2009-01-20Name : Gentoo Security Advisory GLSA 200901-09 (acroread)
File : nvt/glsa_200901_09.nasl
2008-11-05Name : Adobe Reader/Acrobat Multiple Vulnerabilities - Nov08 (Win)
File : nvt/gb_adobe_prdts_mult_vuln_nov08_win.nasl
2008-11-05Name : Adobe Reader/Acrobat Multiple Vulnerabilities - Nov08 (Linux)
File : nvt/gb_adobe_prdts_mult_vuln_nov08_lin.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
50247Adobe Reader / Acrobat Type 1 Font Handling Arbitrary Remote Code Execution

Nessus® Vulnerability Scanner

DateDescription
2009-08-28Name : The version of Adobe Acrobat on the remote Windows host is affected by multip...
File : adobe_acrobat_813.nasl - Type : ACT_GATHER_INFO
2009-08-24Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0974.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote openSUSE host is missing a security update.
File : suse_11_0_acroread-081107.nasl - Type : ACT_GATHER_INFO
2009-01-14Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200901-09.nasl - Type : ACT_GATHER_INFO
2008-11-24Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_acroread-5746.nasl - Type : ACT_GATHER_INFO
2008-11-24Name : The remote openSUSE host is missing a security update.
File : suse_acroread-5749.nasl - Type : ACT_GATHER_INFO
2008-11-04Name : The PDF file viewer on the remote Windows host is affected by multiple vulner...
File : adobe_reader_813.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/32100
CERT http://www.us-cert.gov/cas/techalerts/TA08-309A.html
CONFIRM http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=909609
http://www.adobe.com/support/security/bulletins/apsb08-19.html
IDEFENSE http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=755
REDHAT http://www.redhat.com/support/errata/RHSA-2008-0974.html
SECTRACK http://www.securitytracker.com/id?1021140
SUNALERT http://download.oracle.com/sunalerts/1019937.1.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
VUPEN http://www.vupen.com/english/advisories/2008/3001
http://www.vupen.com/english/advisories/2009/0098
XF http://xforce.iss.net/xforce/xfdb/46332

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
DateInformations
2016-06-29 00:01:57
  • Multiple Updates
2016-06-28 17:19:37
  • Multiple Updates
2016-04-26 17:58:15
  • Multiple Updates
2014-02-17 10:47:05
  • Multiple Updates
2013-05-11 00:29:22
  • Multiple Updates