CVE-2008-0883 — Link Following in Adobe Acrobat Reader

CWE-59 — Link Following4 documents4 sources

Severity

3.7LOWNVD

EPSS

0.1%

top 74.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Acrobat Reader

Timeline

PublishedMar 6

Latest updateMay 1

Description

acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.

CVSS vector

AV:L/AC:H/C:P/I:P/A:PExploitability: 1.9 | Impact: 6.4

Affected Packages1 packages

▶NVDadobe/acrobat_reader8.1.2

Patches

Patch: support.novell.com ↗Patch: support.novell.com ↗

🔴Vulnerability Details

GHSA

GHSA-whm3-pjww-fw7w: acroread in Adobe Acrobat Reader 8↗2022-05-01

▶

📋Vendor Advisories

Red Hat

acroread: insecure handling of temporary files↗2008-02-21

▶

💬Community

Bugzilla

CVE-2008-0883 acroread: insecure handling of temporary files↗2008-03-06

▶