CVE-2008-2042: Improper Input Validation in Adobe Acrobat

Severity
9.3 CRITICAL (NVD)
EPSS
4.5%
top 10.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: May 8
Latest update: May 1

Description

The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback function.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages: 2 packages

NVD: adobe/acrobat 8.1.1 (+34)
NVD: adobe/acrobat_reader 8.1.1 (+40)

🔴 Vulnerability Details

2
GHSA
GHSA-rp3v-35cv-hc65: The Javascript API in Adobe Acrobat Professional 7 (2022-05-01)
VulnCheck
Adobe Acrobat and Reader Improper Input Validation (2008)

🕵️ Threat Intelligence

2
Talos
The Acrobat JavaScript Blocklist Framework (2010-01-20)
Talos
The Acrobat JavaScript Blocklist Framework (2010-01-20)
CVE-2008-2042 — Improper Input Validation in Adobe | cvebase