CVE-2008-2992

KEV

🔴 Łataj teraz

Przepełnienie bufora w Adobe Acrobat i Reader umożliwia zdalne wykonanie kodu przez PDF.

CVSS

7.8

EPSS

93.7%

Exploit

weaponized

Vendor

adobe

Opis źródłowy (NVD)

Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.

buffer-overflow exploit Brak patcha

Źródła i daty

Źródło	Wartość
NVD – CVSS	7.8
CISA KEV (aktywnie wykorzystywane)	Tak
FIRST EPSS (prawdopodobieństwo exploita)	93.7%
Opublikowano (NVD)	2008-11-04 18:29:47 UTC
Ostatnia modyfikacja (NVD)	2026-04-22 14:12:00 UTC

Referencje

http://download.oracle.com/sunalerts/1019937.1.html (cve@mitre.org) [Third Party Advisory]
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html (cve@mitre.org) [Mailing List, Third Party Advisory]
http://osvdb.org/49520 (cve@mitre.org) [Broken Link]
http://secunia.com/advisories/29773 (cve@mitre.org) [Broken Link, Vendor Advisory]
http://secunia.com/advisories/32700 (cve@mitre.org) [Broken Link, Vendor Advisory]
http://secunia.com/advisories/32872 (cve@mitre.org) [Broken Link, Vendor Advisory]
http://secunia.com/advisories/35163 (cve@mitre.org) [Broken Link, Vendor Advisory]
http://secunia.com/secunia_research/2008-14/ (cve@mitre.org) [Broken Link, Vendor Advisory]
http://securityreason.com/securityalert/4549 (cve@mitre.org) [Broken Link, Exploit]
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801 (cve@mitre.org) [Broken Link]
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=909609 (cve@mitre.org) [Broken Link]
http://www.adobe.com/support/security/bulletins/apsb08-19.html (cve@mitre.org) [Broken Link, Patch, Vendor Advisory]
http://www.coresecurity.com/content/adobe-reader-buffer-overflow (cve@mitre.org) [Third Party Advisory]
http://www.kb.cert.org/vuls/id/593409 (cve@mitre.org) [Third Party Advisory, US Government Resource]
http://www.redhat.com/support/errata/RHSA-2008-0974.html (cve@mitre.org) [Broken Link, Patch]
http://www.securityfocus.com/archive/1/498027/100/0/threaded (cve@mitre.org) [Broken Link, Third Party Advisory, VDB Entry]
http://www.securityfocus.com/archive/1/498032/100/0/threaded (cve@mitre.org) [Broken Link, Third Party Advisory, VDB Entry]
http://www.securityfocus.com/archive/1/498055/100/0/threaded (cve@mitre.org) [Broken Link, Third Party Advisory, VDB Entry]
http://www.securityfocus.com/bid/30035 (cve@mitre.org) [Broken Link, Third Party Advisory, VDB Entry]
http://www.securityfocus.com/bid/32091 (cve@mitre.org) [Broken Link, Third Party Advisory, VDB Entry]
http://www.securitytracker.com/id?1021140 (cve@mitre.org) [Broken Link, Third Party Advisory, VDB Entry]
http://www.us-cert.gov/cas/techalerts/TA08-309A.html (cve@mitre.org) [Broken Link, Third Party Advisory, US Government Resource]
http://www.vupen.com/english/advisories/2008/3001 (cve@mitre.org) [Broken Link, Vendor Advisory]
http://www.vupen.com/english/advisories/2009/0098 (cve@mitre.org) [Broken Link, Vendor Advisory]
http://www.zerodayinitiative.com/advisories/ZDI-08-072/ (cve@mitre.org) [Third Party Advisory, VDB Entry]
https://www.exploit-db.com/exploits/6994 (cve@mitre.org) [Third Party Advisory, VDB Entry]
https://www.exploit-db.com/exploits/7006 (cve@mitre.org) [Exploit, Third Party Advisory, VDB Entry]
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2008-2992 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]