CVE-2007-5663Code Injection in Adobe Acrobat

CWE-94Code Injection4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
40.7%
top 2.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe AcrobatAdobe Acrobat Reader
Timeline
PublishedFeb 12
Latest updateMay 1

Description

Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDadobe/acrobat8.1.1

Patches

Patch: www.adobe.comPatch: www.adobe.com

🔴Vulnerability Details

1
GHSA
GHSA-vh44-jfrh-jf4g: Adobe Reader and Acrobat 82022-05-01

📋Vendor Advisories

1
Red Hat
acroread JavaScript Insecure Method Exposure2008-02-08

💬Community

1
Bugzilla
CVE-2007-5663 acroread JavaScript Insecure Method Exposure2008-02-13
CVE-2007-5663 — Code Injection in Adobe Acrobat | cvebase