CVE-2008-0655
published 2008-02-07CVE-2008-0655: Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors.
PriorityP275high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-06-22
Exploited in the wild
EPSS
36.84%
98.3th percentile
Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | acrobat | < 8.1.2 | 8.1.2 |
| adobe | acrobat | <= 8.1.1 | — |
| adobe | acrobat_reader | < 8.1.2 | 8.1.2 |
| adobe | acrobat_reader | <= 8.1.1 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2008-0655 is exploited via specially crafted PDF files; the exploit is associated with the PDF collab.collectEmailInfo JavaScript method in Adobe Reader/Acrobat before 8.1.2 ↗
- →CVE-2008-0655 may subsume the silent print vulnerability via the DOC.print JavaScript API function — detect calls to DOC.print within PDF JavaScript for silent/non-interactive printing ↗
- →CVE-2008-0655 may subsume arbitrary code execution via crafted PDF calling insecure JavaScript methods in the EScript.api plug-in — monitor for EScript.api JavaScript method abuse in PDF files ↗
- →CVE-2008-0655 was packaged in the iPack exploit kit (starting ~$500), which booby-traps websites to deliver drive-by PDF exploits; hunt for iPack kit traffic patterns alongside other kit-delivered CVEs (CVE-2006-0003, CVE-2009-0927, CVE-2008-2992, CVE-2009-4324) ↗
- →The vulnerability is described as a design flaw allowing a specially crafted PDF file to trigger silent printing an arbitrary number of times — flag PDF files invoking silent print behaviour as suspicious ↗
- ·CVE-2008-0655 is officially described as 'multiple unspecified vulnerabilities with unknown impact and attack vectors', making precise IOC extraction impossible from NVD alone; operational context is inferred from related CVEs noted as potentially subsumed by it ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck9.8CRITICAL
cisa9.8CRITICAL
vendor_redhat9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA
Adobe Acrobat and Reader Unspecified Vulnerability
cisa·2022-06-08·CVSS 9.8
CVE-2008-0655 [CRITICAL] Adobe Acrobat and Reader Unspecified Vulnerability
Vulnerability: Adobe Acrobat and Reader Unspecified Vulnerability
Affected: Adobe Acrobat and Reader
Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2008-0655
Remediation Due Date: 2022-06-22
Red Hat
acroread: silent print vulnerability
vendor_redhat·2008-02-08·CVSS 9.8
CVE-2008-0667 [CRITICAL] acroread: silent print vulnerability
acroread: silent print vulnerability
The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. NOTE: this issue might be subsumed by CVE-2008-0655.
Red Hat
acroread JavaScript Insecure Method Exposure
vendor_redhat·2008-02-08·CVSS 9.3
CVE-2007-5663 [CRITICAL] acroread JavaScript Insecure Method Exposure
acroread JavaScript Insecure Method Exposure
Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655.
Red Hat
acroread JavaScript Insecure Libary Search Path
vendor_redhat·2008-02-08·CVSS 6.2
CVE-2007-5666 [MEDIUM] acroread JavaScript Insecure Libary Search Path
acroread JavaScript Insecure Libary Search Path
Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 and earlier allows local users to execute arbitrary code via a malicious Security Provider library in the reader's current working directory. NOTE: this issue might be subsumed by CVE-2008-0655.
Red Hat
acroread Multiple buffer overflows
vendor_redhat·2008-02-08·CVSS 7.8
CVE-2007-5659 [HIGH] acroread Multiple buffer overflows
acroread Multiple buffer overflows
Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655.
Red Hat
acroread: unspecified vulnerabilities
vendor_redhat·2008-02-06·CVSS 9.8
CVE-2008-0655 [CRITICAL] acroread: unspecified vulnerabilities
acroread: unspecified vulnerabilities
Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors.
VulDB
Adobe Acrobat Reader up to 8.1.1 Escript.api memory corruption (Nessus ID 31126 / ID 165670)
vuldb·2026-04-22·CVSS 9.8
CVE-2008-0655 [CRITICAL] Adobe Acrobat Reader up to 8.1.1 Escript.api memory corruption (Nessus ID 31126 / ID 165670)
A vulnerability was found in Adobe Acrobat Reader. It has been rated as critical. Impacted is an unknown function of the file Escript.api. Performing a manipulation results in memory corruption.
This vulnerability is identified as CVE-2008-0655. The attack can be initiated remotely. Additionally, an exploit exists.
Upgrading the affected component is advised.
VulDB
Adobe Acrobat Reader up to 8.1.1 Javascript memory corruption (Nessus ID 31126 / ID 165670)
vuldb·2026-04-22·CVSS 9.8
CVE-2008-0655 [CRITICAL] Adobe Acrobat Reader up to 8.1.1 Javascript memory corruption (Nessus ID 31126 / ID 165670)
A vulnerability was found in Adobe Acrobat Reader. It has been declared as critical. This issue affects some unknown processing of the component Javascript Handler. Such manipulation leads to memory corruption.
This vulnerability is referenced as CVE-2008-0655. It is possible to launch the attack remotely. Furthermore, an exploit is available.
It is recommended to upgrade the affected component.
GHSA
GHSA-vh44-jfrh-jf4g: Adobe Reader and Acrobat 8
ghsa_unreviewed·2022-05-01·CVSS 9.8
CVE-2007-5663 [CRITICAL] CWE-94 GHSA-vh44-jfrh-jf4g: Adobe Reader and Acrobat 8
Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655.
GHSA
GHSA-xjr9-phw2-2wjx: Multiple buffer overflows in Adobe Reader and Acrobat 8
ghsa_unreviewed·2022-05-01·CVSS 9.8
CVE-2007-5659 [CRITICAL] CWE-119 GHSA-xjr9-phw2-2wjx: Multiple buffer overflows in Adobe Reader and Acrobat 8
Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655.
GHSA
GHSA-f6hj-jcpc-rwr6: Untrusted search path vulnerability in Adobe Reader and Acrobat 8
ghsa_unreviewed·2022-05-01·CVSS 9.8
CVE-2007-5666 [CRITICAL] CWE-94 GHSA-f6hj-jcpc-rwr6: Untrusted search path vulnerability in Adobe Reader and Acrobat 8
Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 and earlier allows local users to execute arbitrary code via a malicious Security Provider library in the reader's current working directory. NOTE: this issue might be subsumed by CVE-2008-0655.
GHSA
GHSA-r5pf-wcfw-339x: The DOC
ghsa_unreviewed·2022-05-01·CVSS 9.8
CVE-2008-0667 [CRITICAL] GHSA-r5pf-wcfw-339x: The DOC
The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. NOTE: this issue might be subsumed by CVE-2008-0655.
GHSA
GHSA-qw37-hh98-8g3j: Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8
ghsa_unreviewed·2022-05-01
CVE-2008-0655 [HIGH] CWE-200 GHSA-qw37-hh98-8g3j: Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8
Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors.
VulnCheck
Adobe Acrobat and Reader Unspecified Vulnerability
vulncheck·2008·CVSS 9.8
CVE-2008-0655 [CRITICAL] Adobe Acrobat and Reader Unspecified Vulnerability
Adobe Acrobat and Reader Unspecified Vulnerability
Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times.
Affected: Adobe Acrobat and Reader
Required Action: Apply updates per vendor instructions.
Exploitation References: https://isc.sans.edu/diary/Adobe+Reader+exploit+in+the+wild/3958; https://www.virusbulletin.com/virusbulletin/2010/05/exploit-kit-explosion-part-two-vectors-attack/; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-06-22
No detection rules found.
No public exploits indexed.
Krebs
iPack Exploit Kit Bites Windows Users
blogs_krebs·2010-04-16·CVSS 5.1
[MEDIUM] iPack Exploit Kit Bites Windows Users
Not long ago, there were only a handful of serious so-called “exploit packs,” crimeware packages that make it easy for hackers to booby-trap Web sites with code that installs malicious software.
These days, however, it seems like we’re hearing about a new custom exploit kit every week. Part of the reason for this may be that more enterprising hackers are seeing the moneymaking potential of these offerings, which range from a few hundred dollars per kit to upwards of $10,000 per installation — depending on the features and plugins requested.
Take, for example, the iPack crimeware kit, an exploit pack that starts at around $500.
Its name and cute logo aside, iPack has nothing to do with Apple’s products. According to Jorge Mieres over at the Malware Intelligence blog, the software vulnera
Krebs
iPack Exploit Kit Bites Windows Users – Krebs on Security
blogs_krebs·2010-04-01·CVSS 5.1
[MEDIUM] iPack Exploit Kit Bites Windows Users – Krebs on Security
Not long ago, there were only a handful of serious so-called “exploit packs,” crimeware packages that make it easy for hackers to booby-trap Web sites with code that installs mal icious soft ware .
These days, however, it seems like we’re hearing about a new custom exploit kit every week. Part of the reason for this may be that more enterprising hackers are seeing the moneymaking potential of these offerings, which range from a few hundred dollars per kit to upwards of $10,000 per installation — depending on the features and plugins requested.
Take, for example, the iPack crimeware kit, an exploit pack that starts at around $500.
Its name and cute logo aside, iPack has nothing to do with Apple’ s products. According to Jorge Mieres over at the Malware Intelligence blog , the software vu
Bugzilla
CVE-2007-5663 acroread JavaScript Insecure Method Exposure
bugzilla·2008-02-13·CVSS 9.3
CVE-2007-5663 [CRITICAL] CVE-2007-5663 acroread JavaScript Insecure Method Exposure
CVE-2007-5663 acroread JavaScript Insecure Method Exposure
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-5663 to the following vulnerability:
Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655.
References:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=656
http://www.adobe.com/support/security/advisories/apsa08-01.html
http://www.kb.cert.org/vuls/id/140129
Discussion:
This issue was addressed in:
Red Hat Enterprise Linux Extras:
http://rhn.redhat.com/errata/RHSA-2008-0144.html
---
Reporter changed to [email protected] by request of Jay Tu
Bugzilla
CVE-2007-5666 acroread JavaScript Insecure Libary Search Path
bugzilla·2008-02-13·CVSS 6.2
CVE-2007-5666 [MEDIUM] CVE-2007-5666 acroread JavaScript Insecure Libary Search Path
CVE-2007-5666 acroread JavaScript Insecure Libary Search Path
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-5666 to the following vulnerability:
Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 and earlier allows local users to execute arbitrary code via a malicious Security Provider library in the reader's current working directory. NOTE: this issue might be subsumed by CVE-2008-0655.
References:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=655
http://www.adobe.com/support/security/advisories/apsa08-01.html
Discussion:
This issue was addressed in:
Red Hat Enterprise Linux Extras:
http://rhn.redhat.com/errata/RHSA-2008-0144.html
---
Reporter changed to [email protected] by request of Jay Turner.
Bugzilla
CVE-2007-5659 acroread Multiple buffer overflows
bugzilla·2008-02-13·CVSS 7.8
CVE-2007-5659 [HIGH] CVE-2007-5659 acroread Multiple buffer overflows
CVE-2007-5659 acroread Multiple buffer overflows
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-5659 to the following vulnerability:
Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655.
References:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=657
http://www.adobe.com/support/security/advisories/apsa08-01.html
Discussion:
This issue was addressed in:
Red Hat Enterprise Linux Extras:
http://rhn.redhat.com/errata/RHSA-2008-0144.html
---
Reporter changed to [email protected] by request of Jay Turner.
Bugzilla
CVE-2008-0667 acroread: silent print vulnerability
bugzilla·2008-02-12·CVSS 9.8
CVE-2008-0667 [CRITICAL] CVE-2008-0667 acroread: silent print vulnerability
CVE-2008-0667 acroread: silent print vulnerability
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-0667 to the following vulnerability:
The DOC.print function in the Adobe JavaScript API, as used by Adobe
Acrobat and Reader before 8.1.2, allows remote attackers to configure
silent non-interactive printing, and trigger the printing of an
arbitrary number of copies of a document. NOTE: this issue might be
subsumed by CVE-2008-0655.
References:
http://www.securityfocus.com/archive/1/archive/1/487760/100/0/threaded
http://kb.adobe.com/selfservice/viewContent.do?externalId=kb403079&sliceId=1
http://www.fortiguardcenter.com/advisory/FGA-2008-04.html
http://www.adobe.com/support/security/advisories/apsa08-01.html
http://www.securityfocus.com/bid/27641
http://www.frsirt.com
Bugzilla
CVE-2008-0655 acroread: unspecified vulnerabilities
bugzilla·2008-02-08·CVSS 9.8
CVE-2008-0655 [CRITICAL] CVE-2008-0655 acroread: unspecified vulnerabilities
CVE-2008-0655 acroread: unspecified vulnerabilities
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-0655 to the following vulnerability:
Multiple unspecified vulnerabilities in Adobe Reader before 8.1.2 have
unknown impact and attack vectors.
References:
http://kb.adobe.com/selfservice/viewContent.do?externalId=kb403079&sliceId=1
http://www.securityfocus.com/bid/27641
http://www.frsirt.com/english/advisories/2008/0425
http://secunia.com/advisories/28802
Discussion:
SecurityFocus in exploit section for bid links to Immunity web page. According
to other sources, Immunity's CANVAS provides working PoC:
http://www.eweek.com/c/a/Security/Adobe-Ships-Silent-Fix-for-Critical-PDF-Reader-Flaw/
---
Adobe advisory with no details provided at the moment:
http://www.adobe.
arXiv
Towards Adversarial Malware Detection: Lessons Learned from PDF-based Attacks
arxiv_fulltext·2020-04-14
Towards Adversarial Malware Detection: Lessons Learned from PDF-based Attacks
Towards Adversarial Malware Detection: Lessons Learned from PDF-based Attacks
Davide Maiorca
University of Cagliari
Piazza d'Armi
Cagliari
09123
Italy
[email protected]
Battista Biggio
University of Cagliari
Piazza d'Armi
Cagliari
09123
Italy
Pluribus One
Italy
[email protected]
Giorgio Giacinto
University of Cagliari
Piazza d'Armi
Cagliari
09123
Italy
Pluribus One
Italy
[email protected]
## Abstract
Malware still constitutes a major threat in the cybersecurity landscape, also due to the widespread use of infection vectors such as documents. These infection vectors hide embedded malicious code to the victim users, facilitating the use of social engineering techniques to infect their machines.
Research showed that machine-learning algorithms provide effective
http://blogs.adobe.com/acroread/2008/02/adobe_reader_812_for_linux_and.htmlhttp://kb.adobe.com/selfservice/viewContent.do?externalId=kb403079&sliceId=1http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00007.htmlhttp://secunia.com/advisories/28802http://secunia.com/advisories/28851http://secunia.com/advisories/28983http://secunia.com/advisories/29065http://secunia.com/advisories/29205http://secunia.com/advisories/30840http://security.gentoo.org/glsa/glsa-200803-01.xmlhttp://securitytracker.com/id?1019346http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1http://www.adobe.com/support/security/advisories/apsa08-01.htmlhttp://www.adobe.com/support/security/bulletins/apsb08-13.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0144.htmlhttp://www.securityfocus.com/bid/27641http://www.us-cert.gov/cas/techalerts/TA08-043A.htmlhttp://www.vupen.com/english/advisories/2008/0425http://www.vupen.com/english/advisories/2008/1966/referenceshttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10299http://blogs.adobe.com/acroread/2008/02/adobe_reader_812_for_linux_and.htmlhttp://kb.adobe.com/selfservice/viewContent.do?externalId=kb403079&sliceId=1http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00007.htmlhttp://secunia.com/advisories/28802http://secunia.com/advisories/28851http://secunia.com/advisories/28983http://secunia.com/advisories/29065http://secunia.com/advisories/29205http://secunia.com/advisories/30840http://security.gentoo.org/glsa/glsa-200803-01.xmlhttp://securitytracker.com/id?1019346http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1http://www.adobe.com/support/security/advisories/apsa08-01.htmlhttp://www.adobe.com/support/security/bulletins/apsb08-13.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0144.htmlhttp://www.securityfocus.com/bid/27641http://www.us-cert.gov/cas/techalerts/TA08-043A.htmlhttp://www.vupen.com/english/advisories/2008/0425http://www.vupen.com/english/advisories/2008/1966/referenceshttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10299https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2008-0655
2008-02-07
Published
2022-06-08
Added to CISA KEV
Exploited in the wild