CVE-2007-5666Code Injection in Adobe Acrobat

CWE-94Code Injection4 documents4 sources
Severity
6.2MEDIUMNVD
EPSS
0.3%
top 45.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe AcrobatAdobe Acrobat Reader
Timeline
PublishedFeb 12
Latest updateMay 1

Description

Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 and earlier allows local users to execute arbitrary code via a malicious Security Provider library in the reader's current working directory. NOTE: this issue might be subsumed by CVE-2008-0655.

CVSS vector

AV:L/AC:H/C:C/I:C/A:CExploitability: 1.9 | Impact: 10.0

Affected Packages2 packages

NVDadobe/acrobat8.1.1

Patches

Patch: www.adobe.comPatch: www.adobe.com

🔴Vulnerability Details

1
GHSA
GHSA-f6hj-jcpc-rwr6: Untrusted search path vulnerability in Adobe Reader and Acrobat 82022-05-01

📋Vendor Advisories

1
Red Hat
acroread JavaScript Insecure Libary Search Path2008-02-08

💬Community

1
Bugzilla
CVE-2007-5666 acroread JavaScript Insecure Libary Search Path2008-02-13
CVE-2007-5666 — Code Injection in Adobe Acrobat | cvebase