cbcvebase.
CVE-2008-2641
published 2008-06-25

CVE-2008-2641: Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service…

PriorityP268critical10CVSS 2.0
AVNACLAuNCCICAC
ITWVulnCheck KEV
Exploited in the wild
EPSS
22.19%
97.4th percentile
Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method."

Affected

46 ranges· showing 25
VendorProductVersion rangeFixed in
adobeacrobat_3d
adobeacrobat_3d
adobeacrobat_3d
adobeacrobat_3d
adobeacrobat_3d
adobeacrobat_3d
adobeacrobat_3d
adobeacrobat_3d
adobeacrobat_3d
adobeacrobat_3d
adobeacrobat_3d
adobeacrobat_3d
adobeacrobat_3d
adobeacrobat_3d
adobeacrobat_reader
adobeacrobat_reader
adobeacrobat_reader
adobeacrobat_reader
adobeacrobat_reader
adobeacrobat_reader
adobeacrobat_reader
adobeacrobat_reader
adobeacrobat_reader
adobeacrobat_reader
adobeacrobat_reader

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerability is triggered via a JavaScript method in Adobe Reader/Acrobat; monitor for malicious PDF files invoking JavaScript that causes application crash or code execution
  • ·Affected versions are Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2; patched version is 8.1.2 Security Update 1 (8.1.2_SU1). The attack vector and specific JavaScript method are unspecified by Adobe.
  • ·Adobe's original security advisory (APSB08-15) initially only listed patches for Windows and Macintosh; Linux/Unix patch was added subsequently as 8.1.2_SU1.

CVSS provenance

nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vulncheck10.0CRITICAL
vendor_redhat10.0CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.