CVE-2008-2549
published 2008-06-04CVE-2008-2549: Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute…
PriorityP340medium4.3CVSS 2.0
AVNACMAuNCNINAP
EXPLOIT
EPSS
41.25%
98.5th percentile
Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf.
Affected
32 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | acrobat_reader | <= 8.1.2 | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Crash occurs at instruction pointer 0x00414141 within AcroRd32 — indicative of EIP/PC control via malformed PDF; monitor AcroRd32.exe crashes at this address as a exploitation signal. ↗
- →Flag delivery of PDF files that trigger crashes in Adobe Acrobat Reader 8.1.2 and earlier (pre-8.1.3) or pre-7.1.1; correlate with process crash telemetry for AcroRd32.exe. ↗
- ·Vulnerability is confirmed fixed in Adobe Acrobat Reader 8.1.3; detections targeting vulnerable versions should scope to 8.1.2 and earlier, and pre-7.1.1 builds. ↗
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
vendor_redhat4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
acroread: crash and possible code execution
vendor_redhat·2008-05-29·CVSS 4.3
CVE-2008-2549 [MEDIUM] acroread: crash and possible code execution
acroread: crash and possible code execution
Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf.
GHSA
GHSA-6h86-qrjc-gvq6: Adobe Acrobat Reader 8
ghsa_unreviewed·2022-05-01
CVE-2008-2549 [MEDIUM] GHSA-6h86-qrjc-gvq6: Adobe Acrobat Reader 8
Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf.
No detection rules found.
Exploit-DB
Microsoft Windows Vista/2008 - NtUserCheckAccessForIntegrityLevel Use-After-Free
exploitdb·2010-07-01
CVE-2010-2549 Microsoft Windows Vista/2008 - NtUserCheckAccessForIntegrityLevel Use-After-Free
Microsoft Windows Vista/2008 - NtUserCheckAccessForIntegrityLevel Use-After-Free
---
Windows Vista/Server 2008 NtUserCheckAccessForIntegrityLevel Use-after-free Vulnerability
Intro:
Due to hostility toward security researchers, the most recent example being of Tavis Ormandy, a number of us from the industry (and some not from the industry) have come together to form MSRC: the Microsoft-Spurned Researcher Collective. MSRC will fully disclose vulnerability information discovered in our free time, free from retaliation against us or any inferred employer.
Vulnerability report:
win32k!NtUserCheckAccessForIntegrityLevel in Vista/Server 2008 calls LockProcessByClientId() on the specified ClientID. When this call fails, the refcount will be first decremented by nt!ObfDereferenceObject and t
Exploit-DB
Adobe Acrobat Reader 8.1.2 - '.PDF' Remote Denial of Service (PoC)
exploitdb·2008-05-29
CVE-2008-2549 Adobe Acrobat Reader 8.1.2 - '.PDF' Remote Denial of Service (PoC)
Adobe Acrobat Reader 8.1.2 - '.PDF' Remote Denial of Service (PoC)
---
Adobe Acrobat Reader <= 8.1.2 Reader Remote Denial Of Service
the reader deadly crash when a malformed Pdf file is opened:
00414141 AcroRd32.00414141
greetz to : Deimos, benjilenoob, Berga , http://spiritofhack.net/
Poc : https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/5687.pdf (2008-HI2.pdf)
# milw0rm.com [2008-05-29]
Bugzilla
CVE-2008-4684 wireshark: DoS (app crash) via certain series of packets by enabling the (1) PRP or (2) MATE post dissector
bugzilla·2008-10-23·CVSS 4.3
CVE-2008-4684 [MEDIUM] CVE-2008-4684 wireshark: DoS (app crash) via certain series of packets by enabling the (1) PRP or (2) MATE post dissector
CVE-2008-4684 wireshark: DoS (app crash) via certain series of packets by enabling the (1) PRP or (2) MATE post dissector
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-4684 to
the following vulnerability:
packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly
handle exceptions thrown by post dissectors, which allows remote
attackers to cause a denial of service (application crash) via a
certain series of packets, as demonstrated by enabling the (1) PRP or
(2) MATE post dissector.
Affected Wireshark versions: 0.99.2 through 1.0.3
References:
http://www.wireshark.org/security/wnpa-sec-2008-06.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2549
http://www.securityfocus.com/bid/31838
http://www.frsirt.com/english/advisories/2008/2872
http://secur
Bugzilla
CVE-2008-2549 acroread: crash and possible code execution
bugzilla·2008-06-05·CVSS 4.3
CVE-2008-2549 [MEDIUM] CVE-2008-2549 acroread: crash and possible code execution
CVE-2008-2549 acroread: crash and possible code execution
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-2549 to the following vulnerability:
Adobe Acrobat Reader 8.1.2 and earlier allows remote attackers to
cause a denial of service (application crash) and possibly execute
arbitrary code via a malformed PDF document, as demonstrated by
2008-HI2.pdf.
References:
http://www.milw0rm.com/exploits/5687
http://www.securityfocus.com/bid/29420
Discussion:
Created attachment 308415
Public PoC
http://www.milw0rm.com/exploits/5687
http://milw0rm.com/sploits/2008-HI2.pdf
---
Fixed upstream in 8.1.3:
http://www.adobe.com/support/security/bulletins/apsb08-19.html
---
This issue was addressed in:
Red Hat Enterprise Linux Extras:
http://rhn.redhat.com/errata/RHSA-2008-097
http://download.oracle.com/sunalerts/1019937.1.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.htmlhttp://secunia.com/advisories/32700http://secunia.com/advisories/32872http://secunia.com/advisories/35163http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=909609http://www.adobe.com/support/security/bulletins/apsb08-19.htmlhttp://www.adobe.com/support/security/bulletins/apsb09-04.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0974.htmlhttp://www.securityfocus.com/bid/29420http://www.securitytracker.com/id?1021140http://www.us-cert.gov/cas/techalerts/TA08-309A.htmlhttp://www.vupen.com/english/advisories/2008/3001http://www.vupen.com/english/advisories/2009/0098https://exchange.xforce.ibmcloud.com/vulnerabilities/42886https://www.exploit-db.com/exploits/5687http://download.oracle.com/sunalerts/1019937.1.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.htmlhttp://secunia.com/advisories/32700http://secunia.com/advisories/32872http://secunia.com/advisories/35163http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=909609http://www.adobe.com/support/security/bulletins/apsb08-19.htmlhttp://www.adobe.com/support/security/bulletins/apsb09-04.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0974.htmlhttp://www.securityfocus.com/bid/29420http://www.securitytracker.com/id?1021140http://www.us-cert.gov/cas/techalerts/TA08-309A.htmlhttp://www.vupen.com/english/advisories/2008/3001http://www.vupen.com/english/advisories/2009/0098https://exchange.xforce.ibmcloud.com/vulnerabilities/42886https://www.exploit-db.com/exploits/5687
2008-06-04
Published