CVE-2007-5020
published 2007-09-21CVE-2007-5020: Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted PDF file, related to the…
PriorityP268critical9.3CVSS 2.0
AVNACMAuNCCICAC
ITWVulnCheck KEV
Exploited in the wild
EPSS
20.97%
97.2th percentile
Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted PDF file, related to the mailto: option and Internet Explorer 7 on Windows XP. NOTE: this information is based upon a vague pre-advisory by a reliable researcher.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | acrobat | — | — |
| adobe | acrobat_reader | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Crafted PDF file exploiting the mailto: option in Adobe Acrobat/Reader 8.1 on Windows, specifically when opened with Internet Explorer 7 on Windows XP, can lead to arbitrary code execution. ↗
- →A separate but related attack vector involves PDF files containing file:// URLs that are silently opened without user interaction; monitor for PDF-triggered file:// URL navigations. ↗
- ·This vulnerability is Windows-platform specific and does not affect Adobe Acrobat Reader on Linux/UNIX platforms. ↗
- ·The exploit requires the specific combination of Adobe Acrobat/Reader 8.1, Internet Explorer 7, and Windows XP to be triggered as described. ↗
- ·Adobe confirmed the fix was included in Reader 9.4.1 and the 8.x release line, but the exact version that introduced the fix was not pinpointed by Adobe. ↗
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck9.3CRITICAL
vendor_redhat9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8vgw-qr5q-9wv4: Unspecified vulnerability in Adobe Acrobat and Reader 8
ghsa_unreviewed·2022-05-01
CVE-2007-5020 [HIGH] CWE-94 GHSA-8vgw-qr5q-9wv4: Unspecified vulnerability in Adobe Acrobat and Reader 8
Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted PDF file, related to the mailto: option and Internet Explorer 7 on Windows XP. NOTE: this information is based upon a vague pre-advisory by a reliable researcher.
VulnCheck
Adobe Acrobat and Reader Improper Control of Generation of Code ('Code Injection')
vulncheck·2007·CVSS 9.3
CVE-2007-5020 [CRITICAL] Adobe Acrobat and Reader Improper Control of Generation of Code ('Code Injection')
Adobe Acrobat and Reader Improper Control of Generation of Code ('Code Injection')
Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted PDF file, related to the mailto: option and Internet Explorer 7 on Windows XP. NOTE: this information is based upon a vague pre-advisory by a reliable researcher.
Affected: Adobe Acrobat and Reader
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://archive.f-secure.com/weblog/archives/00001303
Red Hat
CVE-2007-5020: Unspecified vulnerability in Adobe Acrobat and Reader 8
vendor_redhat·CVSS 9.3
CVE-2007-5020 [CRITICAL] CVE-2007-5020: Unspecified vulnerability in Adobe Acrobat and Reader 8
Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted PDF file, related to the mailto: option and Internet Explorer 7 on Windows XP. NOTE: this information is based upon a vague pre-advisory by a reliable researcher.
Statement: According to Abobe this issue affects only the Windows platform and therefore does not affect Adobe Acrobat Reader as distributed with Red Hat Enterprise Linux Extras.
http://www.adobe.com/support/security/advisories/apsa07-04.html
No detection rules found.
No public exploits indexed.
http://www.adobe.com/support/security/advisories/apsa07-04.htmlhttp://www.gnucitizen.org/blog/0day-pdf-pwns-windowshttp://www.securityfocus.com/archive/1/480080/100/0/threadedhttp://www.securityfocus.com/bid/25748http://www.securitytracker.com/id?1018723http://www.us-cert.gov/cas/techalerts/TA07-297B.htmlhttp://www.vupen.com/english/advisories/2007/3392https://exchange.xforce.ibmcloud.com/vulnerabilities/36722http://www.adobe.com/support/security/advisories/apsa07-04.htmlhttp://www.gnucitizen.org/blog/0day-pdf-pwns-windowshttp://www.securityfocus.com/archive/1/480080/100/0/threadedhttp://www.securityfocus.com/bid/25748http://www.securitytracker.com/id?1018723http://www.us-cert.gov/cas/techalerts/TA07-297B.htmlhttp://www.vupen.com/english/advisories/2007/3392https://exchange.xforce.ibmcloud.com/vulnerabilities/36722
2007-09-21
Published
Exploited in the wild