CVE-2008-2641
published 2008-06-25CVE-2008-2641: Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service…
PriorityP268critical10CVSS 2.0
AVNACLAuNCCICAC
ITWVulnCheck KEV
Exploited in the wild
EPSS
22.19%
97.4th percentile
Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method."
Affected
46 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | acrobat_3d | — | — |
| adobe | acrobat_3d | — | — |
| adobe | acrobat_3d | — | — |
| adobe | acrobat_3d | — | — |
| adobe | acrobat_3d | — | — |
| adobe | acrobat_3d | — | — |
| adobe | acrobat_3d | — | — |
| adobe | acrobat_3d | — | — |
| adobe | acrobat_3d | — | — |
| adobe | acrobat_3d | — | — |
| adobe | acrobat_3d | — | — |
| adobe | acrobat_3d | — | — |
| adobe | acrobat_3d | — | — |
| adobe | acrobat_3d | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability is triggered via a JavaScript method in Adobe Reader/Acrobat; monitor for malicious PDF files invoking JavaScript that causes application crash or code execution ↗
- ·Affected versions are Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2; patched version is 8.1.2 Security Update 1 (8.1.2_SU1). The attack vector and specific JavaScript method are unspecified by Adobe. ↗
- ·Adobe's original security advisory (APSB08-15) initially only listed patches for Windows and Macintosh; Linux/Unix patch was added subsequently as 8.1.2_SU1. ↗
CVSS provenance
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vulncheck10.0CRITICAL
vendor_redhat10.0CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-g44h-jfwm-hrw7: Unspecified vulnerability in Adobe Reader and Acrobat 7
ghsa_unreviewed·2022-05-01
CVE-2008-2641 [HIGH] GHSA-g44h-jfwm-hrw7: Unspecified vulnerability in Adobe Reader and Acrobat 7
Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method."
VulnCheck
Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2 Input Validation in a JavaScript Method Vulnerability
vulncheck·2008·CVSS 10.0
CVE-2008-2641 [CRITICAL] Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2 Input Validation in a JavaScript Method Vulnerability
Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2 Input Validation in a JavaScript Method Vulnerability
Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method."
Affected: Adobe acrobat_3d
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.kb.cert.org/vuls/id/788019
Red Hat
acroread: input validation issue in a JavaScript method
vendor_redhat·2008-06-23·CVSS 10.0
CVE-2008-2641 [CRITICAL] CWE-20 acroread: input validation issue in a JavaScript method
acroread: input validation issue in a JavaScript method
Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method."
No detection rules found.
No public exploits indexed.
http://isc.sans.org/diary.html?storyid=4616http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.htmlhttp://secunia.com/advisories/30832http://secunia.com/advisories/31136http://secunia.com/advisories/31339http://secunia.com/advisories/31352http://secunia.com/advisories/31428http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1http://www.adobe.com/support/security/bulletins/apsb08-15.htmlhttp://www.gentoo.org/security/en/glsa/glsa-200808-10.xmlhttp://www.kb.cert.org/vuls/id/788019http://www.redhat.com/support/errata/RHSA-2008-0641.htmlhttp://www.securityfocus.com/bid/29908http://www.securitytracker.com/id?1020352http://www.vupen.com/english/advisories/2008/1906http://www.vupen.com/english/advisories/2008/2289https://exchange.xforce.ibmcloud.com/vulnerabilities/43307http://isc.sans.org/diary.html?storyid=4616http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.htmlhttp://secunia.com/advisories/30832http://secunia.com/advisories/31136http://secunia.com/advisories/31339http://secunia.com/advisories/31352http://secunia.com/advisories/31428http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1http://www.adobe.com/support/security/bulletins/apsb08-15.htmlhttp://www.gentoo.org/security/en/glsa/glsa-200808-10.xmlhttp://www.kb.cert.org/vuls/id/788019http://www.redhat.com/support/errata/RHSA-2008-0641.htmlhttp://www.securityfocus.com/bid/29908http://www.securitytracker.com/id?1020352http://www.vupen.com/english/advisories/2008/1906http://www.vupen.com/english/advisories/2008/2289https://exchange.xforce.ibmcloud.com/vulnerabilities/43307
2008-06-25
Published
Exploited in the wild