CVE-2007-5020 — Code Injection in Adobe Acrobat

CWE-94 — Code Injection5 documents5 sources

Severity

9.3CRITICALNVD

EPSS

30.9%

top 3.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Acrobat Adobe Acrobat Reader

Timeline

PublishedSep 21

Latest updateMay 1

Description

Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted PDF file, related to the mailto: option and Internet Explorer 7 on Windows XP. NOTE: this information is based upon a vague pre-advisory by a reliable researcher.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDadobe/acrobat_reader8.1

▶NVDadobe/acrobat8.1

🔴Vulnerability Details

GHSA

GHSA-8vgw-qr5q-9wv4: Unspecified vulnerability in Adobe Acrobat and Reader 8↗2022-05-01

▶

VulnCheck

Adobe Acrobat and Reader Improper Control of Generation of Code ('Code Injection')↗2007

▶

📋Vendor Advisories

Red Hat

CVE-2007-5020: Unspecified vulnerability in Adobe Acrobat and Reader 8↗

▶

💬Community

Bugzilla

CVE-2007-1199 acroread arbitrary file:// URL execution↗2007-03-05

▶