CVE-2008-2992 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2008-2992?

CVE-2008-2992 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-2992?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Acrobat, Adobe Acrobat Reader, Oracle Solaris.

Vulnerability Description

Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Adobe	Acrobat	<= 8.1.2
Adobe	Acrobat Reader	<= 8.1.2
Oracle	Solaris	10

Related Weaknesses (CWE)

CWE-787

References

http://download.oracle.com/sunalerts/1019937.1.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.htmlMailing ListThird Party Advisory
http://osvdb.org/49520Broken Link
http://secunia.com/advisories/29773Broken LinkVendor Advisory
http://secunia.com/advisories/32700Broken LinkVendor Advisory
http://secunia.com/advisories/32872Broken LinkVendor Advisory
http://secunia.com/advisories/35163Broken LinkVendor Advisory
http://secunia.com/secunia_research/2008-14/Broken LinkVendor Advisory
http://securityreason.com/securityalert/4549Broken LinkExploit
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801Broken Link
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=909609Broken Link
http://www.adobe.com/support/security/bulletins/apsb08-19.htmlBroken LinkPatchVendor Advisory
http://www.coresecurity.com/content/adobe-reader-buffer-overflowThird Party Advisory
http://www.kb.cert.org/vuls/id/593409Third Party AdvisoryUS Government Resource
http://www.redhat.com/support/errata/RHSA-2008-0974.htmlBroken LinkPatch

FAQ

What is CVE-2008-2992?

CVE-2008-2992 is a vulnerability with a CVSS score of 7.8 (HIGH). Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted...

How severe is CVE-2008-2992?

CVE-2008-2992 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-2992?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Acrobat, Adobe Acrobat Reader, Oracle Solaris.