Executive Summary

Informations
NameCVE-2008-4812First vendor Publication2008-11-05
VendorCveLast vendor Modification2012-11-05

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4812

CWE : Common Weakness Enumeration

idName
CWE-20Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Application7
Application1

OpenVAS Exploits

DateDescription
2009-01-20Name : Gentoo Security Advisory GLSA 200901-09 (acroread)
File : nvt/glsa_200901_09.nasl
2008-11-05Name : Adobe Reader/Acrobat Multiple Vulnerabilities - Nov08 (Win)
File : nvt/gb_adobe_prdts_mult_vuln_nov08_win.nasl
2008-11-05Name : Adobe Reader/Acrobat Multiple Vulnerabilities - Nov08 (Linux)
File : nvt/gb_adobe_prdts_mult_vuln_nov08_lin.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
50247Adobe Reader / Acrobat Type 1 Font Handling Arbitrary Remote Code Execution

Nessus® Vulnerability Scanner

DateDescription
2009-08-28Name : The version of Adobe Acrobat on the remote Windows host is affected by multip...
File : adobe_acrobat_813.nasl - Type : ACT_GATHER_INFO
2009-08-24Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0974.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote openSUSE host is missing a security update.
File : suse_11_0_acroread-081107.nasl - Type : ACT_GATHER_INFO
2009-01-14Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200901-09.nasl - Type : ACT_GATHER_INFO
2008-11-24Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_acroread-5746.nasl - Type : ACT_GATHER_INFO
2008-11-24Name : The remote openSUSE host is missing a security update.
File : suse_acroread-5749.nasl - Type : ACT_GATHER_INFO
2008-11-04Name : The PDF file viewer on the remote Windows host is affected by multiple vulner...
File : adobe_reader_813.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/32100
CERThttp://www.us-cert.gov/cas/techalerts/TA08-309A.html
CONFIRMhttp://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=909609
http://www.adobe.com/support/security/bulletins/apsb08-19.html
IDEFENSEhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=755
REDHAThttp://www.redhat.com/support/errata/RHSA-2008-0974.html
SECTRACKhttp://www.securitytracker.com/id?1021140
SECUNIAhttp://secunia.com/advisories/32700
http://secunia.com/advisories/32872
http://secunia.com/advisories/35163
SUNALERThttp://download.oracle.com/sunalerts/1019937.1.html
SUSEhttp://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
VUPENhttp://www.vupen.com/english/advisories/2008/3001
http://www.vupen.com/english/advisories/2009/0098
XFhttp://xforce.iss.net/xforce/xfdb/46332

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 10:47:05
  • Multiple Updates
2013-05-11 00:29:22
  • Multiple Updates