⚠ Actively exploited
Added to CISA KEV on 2022-06-08. Federal agencies required to patch by 2022-06-22. Required action: Apply updates per vendor instructions..

CVE-2007-5659Classic Buffer Overflow in Adobe Acrobat

CWE-120Classic Buffer OverflowCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer17 documents11 sources
Severity
7.8HIGHNVD
EPSS
93.1%
top 0.20%
CISA KEV
KEV
Added 2022-06-08
Due 2022-06-22
Exploit
Exploited in wild
Active exploitation observed
Affected products
2
Adobe AcrobatAdobe Acrobat Reader
Timeline
PublishedFeb 12
KEV addedJun 8
KEV dueJun 22
CISA Required Action: Apply updates per vendor instructions.

Description

Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDadobe/acrobat< 8.1.2

🔴Vulnerability Details

2
GHSA
GHSA-xjr9-phw2-2wjx: Multiple buffer overflows in Adobe Reader and Acrobat 82022-05-01
VulnCheck
Adobe Acrobat and Reader Buffer Overflow Vulnerability2007

💥Exploits & PoCs

3
Exploit-DB
Adobe - 'Collab.collectEmailInfo()' Local Buffer Overflow (Metasploit)2010-09-25
Exploit-DB
Adobe Acrobat and Reader 8.1.1 - Multiple Arbitrary Code Execution / Security Vulnerabilities2008-02-06
Metasploit
Adobe Collab.collectEmailInfo() Buffer Overflow

📋Vendor Advisories

2
CISA
Adobe Acrobat and Reader Buffer Overflow Vulnerability2022-06-08
Red Hat
acroread Multiple buffer overflows2008-02-08

🕵️Threat Intelligence

6
Zscaler
PDF Exploit: Number Of Pages Is The Key | Zscaler2010-08-04
Zscaler
ATECH-SAGADE Badness - Malicious .IN Campaign | Zscaler Blog2010-07-15
Zscaler
More And More Obfuscation Being Used In The Malicious Script2010-05-07
Zscaler
Malicious JavaScript targets 3 Old Vulnerabilities | Zscaler2010-03-08
Talos
The Acrobat JavaScript Blocklist Framework2010-01-20

📄Research Papers

2
arXiv
Machine Learning With Feature Selection Using Principal Component Analysis for Malware Detection: A Case Study2019-02-10
arXiv
MLPdf: An Effective Machine Learning Based Approach for PDF Malware Detection2018-08-21

💬Community

1
Bugzilla
CVE-2007-5659 acroread Multiple buffer overflows2008-02-13
CVE-2007-5659 — Classic Buffer Overflow in Adobe | cvebase