CVE-2008-2992
published 2008-11-04CVE-2008-2992: Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the…
PriorityP189high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
KEVITWEXPLOITRansomware
CISA Known Exploited Vulnerabilitydue 2022-03-24
Exploited in the wild
EPSS
98.46%
99.9th percentile
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | acrobat | <= 8.1.2 | — |
| adobe | acrobat_reader | <= 8.1.2 | — |
| oracle | solaris | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2008-2992 is exploited via a crafted PDF invoking the util.printf() JavaScript function with a malicious format string argument, triggering a stack-based buffer overflow in Adobe Acrobat/Reader 8.1.2 and earlier. ↗
- →CVE-2008-2992 was bundled in the iPack crimeware exploit kit alongside other PDF exploits (CVE-2009-0927, CVE-2008-0655, CVE-2009-4324); detections should consider co-occurrence of these CVEs in the same malicious PDF. ↗
- →Gumblar-related exploit PDFs used fast-flux DNS infrastructure with short TTLs across multiple providers; correlate DNS TTL anomalies with .ru domains resolving to multiple IPs. ↗
- →Talos/VRT released detection rules for CVE-2008-2992 on 2008-11-11; reference vrt-rules-2008-11-11.html for Snort rule coverage. ↗
- →Shellcode dropped by the CVE-2008-2992 exploit PDF beacons to a C2 URL with parameters id, pid, and hello; monitor for outbound HTTP GET requests matching this pattern from PDF reader processes. ↗
- →Injected obfuscated JavaScript was found appended after the closing HTML tag on compromised pages; inspect page source beyond </html> for obfuscated JS as an indicator of Gumblar-style injection. ↗
- ·The compromised page (fdotfirstcoastouterbeltway.com/index.asp) serving the Gumblar exploit chain had been cleaned at time of reporting; IOCs from that specific URL may no longer be active. ↗
- ·VirusTotal detection for the CVE-2008-2992 exploit PDF (Notes1.pdf) was very low at time of analysis (1 of 41 vendors); AV-based detection alone is insufficient for this threat. ↗
- ·CVE-2008-2992 affects Adobe Acrobat and Reader 8.1.2 and earlier only; detections targeting newer versions are not applicable. ↗
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck7.8HIGH
cisa7.8HIGH
vendor_redhat9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-c6vf-qwc3-92qf: Stack-based buffer overflow in Adobe Acrobat and Reader 8
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2008-2992 [CRITICAL] CWE-119 GHSA-c6vf-qwc3-92qf: Stack-based buffer overflow in Adobe Acrobat and Reader 8
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.
VulnCheck
Adobe Reader and Acrobat Input Validation Vulnerability
vulncheck·2008·CVSS 7.8
CVE-2008-2992 [HIGH] CWE-119 Adobe Reader and Acrobat Input Validation Vulnerability
Adobe Reader and Acrobat Input Validation Vulnerability
Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution.
Affected: Adobe Acrobat and Reader
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://blog.talosintelligence.com/acrobat-javascript-blacklist-framework/; https://www.virusbulletin.com/virusbulletin/2010/05/exploit-kit-explosion-part-two-vectors-attack/; https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/wham-bam-the-cutwailblackhole-combo/; https://cybersecurityworks.com/pdf/ransomware/Spotlight_Ransomware2021.pdf; https://cybersecurityworks.com/howdymanage/uploads/file/ransomware-_-2022-spotlight-report_compr
CISA
Adobe Reader and Acrobat Input Validation Vulnerability
cisa·2022-03-03·CVSS 7.8
CVE-2008-2992 [HIGH] CWE-119 Adobe Reader and Acrobat Input Validation Vulnerability
Vulnerability: Adobe Reader and Acrobat Input Validation Vulnerability
Affected: Adobe Acrobat and Reader
Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2008-2992
Remediation Due Date: 2022-03-24
Red Hat
Reader: JavaScript util.printf() function buffer overflow
vendor_redhat·2008-11-04·CVSS 9.3
CVE-2008-2992 [CRITICAL] Reader: JavaScript util.printf() function buffer overflow
Reader: JavaScript util.printf() function buffer overflow
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.
Suricata
ET WEB_CLIENT Adobe Acrobat Util.printf Buffer Overflow Attempt
suricata·2011-07-01
CVE-2008-2992 ET WEB_CLIENT Adobe Acrobat Util.printf Buffer Overflow Attempt
ET WEB_CLIENT Adobe Acrobat Util.printf Buffer Overflow Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Adobe Acrobat Util.printf Buffer Overflow Attempt"; flow:established,to_client; file.data; content:"util.printf|28 22 25|"; nocase; fast_pattern; pcre:"/util.printf\x28\x22\x25[^\x2C\x29]*f\x22\x2C/i"; reference:url,www.coresecurity.com/content/adobe-reader-buffer-overflow; reference:bid,30035; reference:cve,2008-2992; classtype:attempted-user; sid:2013152; rev:4; metadata:affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2011_07_01, cve CVE_2008_2992, deployment Perimeter, confidence High, signature_severity Major, tag Web_Client_Attacks, updated_at 2024_04_09;)
Exploit-DB
Adobe - 'util.printf()' Local Buffer Overflow (Metasploit) (2)
exploitdb·2010-09-25
CVE-2008-2992 Adobe - 'util.printf()' Local Buffer Overflow (Metasploit) (2)
Adobe - 'util.printf()' Local Buffer Overflow (Metasploit) (2)
---
##
# $Id: adobe_utilprintf.rb 10477 2010-09-25 11:59:02Z mc $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
require 'zlib'
class Metasploit3 'Adobe util.printf() Buffer Overflow',
'Description' => %q{
This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional
MSF_LICENSE,
'Author' => [ 'MC', 'Didier Stevens ' ],
'Version' => '$Revision: 10477 $',
'References' =>
[
[ 'CVE', '2008-2992' ],
[ 'OSVDB', '49520' ]
],
'DefaultOptions' =>
{
'EXITFUNC' => 'process',
'Disabl
Exploit-DB
Adobe - 'util.printf()' Local Buffer Overflow (Metasploit) (1)
exploitdb·2010-05-03
CVE-2008-2992 Adobe - 'util.printf()' Local Buffer Overflow (Metasploit) (1)
Adobe - 'util.printf()' Local Buffer Overflow (Metasploit) (1)
---
##
# $Id: adobe_utilprintf.rb 9212 2010-05-03 17:13:09Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
require 'zlib'
class Metasploit3 'Adobe util.printf() Buffer Overflow',
'Description' => %q{
This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional
MSF_LICENSE,
'Author' => [ 'MC', 'Didier Stevens ' ],
'Version' => '$Revision: 9212 $',
'References' =>
[
[ 'CVE', '2008-2992' ],
[ 'OSVDB', '49520' ],
],
'DefaultOptions' =>
{
'EXITFUNC' => 'process',
},
'P
Exploit-DB
Adobe Reader - 'util.printf()' JavaScript Function Stack Overflow (1)
exploitdb·2008-11-05
CVE-2008-2992 Adobe Reader - 'util.printf()' JavaScript Function Stack Overflow (1)
Adobe Reader - 'util.printf()' JavaScript Function Stack Overflow (1)
---
Adobe Reader 'util.printf()' JavaScript Function Stack Buffer Overflow Exploit
author: Elazar
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/6994.pdf (2008-APSB08-19.pdf)
# milw0rm.com [2008-11-05]
Exploit-DB
Adobe Reader - 'util.printf()' JavaScript Function Stack Overflow (2)
exploitdb·2008-11-05·CVSS 7.8
CVE-2008-2992 [HIGH] Adobe Reader - 'util.printf()' JavaScript Function Stack Overflow (2)
Adobe Reader - 'util.printf()' JavaScript Function Stack Overflow (2)
---
Adobe Reader Javascript Printf Buffer Overflow Exploit
Reference: http://www.coresecurity.com/content/adobe-reader-buffer-overflow
CVE-2008-2992
Thanks to coresecurity for the technical background.
6Nov,2008: Exploit released by me
Credits: Debasis Mohanty
www.hackingspirits.com
www.coffeeandsecurity.com
//Exploit by Debasis Mohanty (aka nopsledge/Tr0y)
//www.coffeeandsecurity
//www.hackingspirits.com
// win32_bind - EXITFUNC=seh LPORT=4444 Size=696 Encoder=Alpha2 http://metasploit.com
var payload = unescape("%u03eb%ueb59%ue805%ufff8%uffff%u4949%u4949%u4949%u4949%u4949%u4949%u4949%u4949%u4937%u5a51%u436a%u3058%u3142%u4150%u6b42%u4141%u4153%u4132%u3241%u4142%u4230%u5841%u3850%u4241%u7875%u4b69%u724c%u584a%u52
Metasploit
Adobe util.printf() Buffer Overflow
metasploit
Adobe util.printf() Buffer Overflow
Adobe util.printf() Buffer Overflow
This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional < 8.1.3. By creating a specially crafted pdf that a contains malformed util.printf() entry, an attacker may be able to execute arbitrary code.
Greynoiseio
The Noise in the Silence: Unmasking CISA's Hidden KEV Ransomware Updates
blogs_greynoiseio·2026-02-02
The Noise in the Silence: Unmasking CISA's Hidden KEV Ransomware Updates
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address
Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity
SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners
Incident Investigation Add context to incidents to speed the determinations of scope and timelines
Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns
Why GreyNoise
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Fin
Zscaler
A Brief Gumblar Infrastructure Analysis | Zscaler Blog
blogs_zscaler·2010-05-27
A Brief Gumblar Infrastructure Analysis | Zscaler Blog
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
Zscaler
More And More Obfuscation Being Used In The Malicious Script
blogs_zscaler·2010-05-07
More And More Obfuscation Being Used In The Malicious Script
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
Krebs
iPack Exploit Kit Bites Windows Users
blogs_krebs·2010-04-16·CVSS 5.1
[MEDIUM] iPack Exploit Kit Bites Windows Users
Not long ago, there were only a handful of serious so-called “exploit packs,” crimeware packages that make it easy for hackers to booby-trap Web sites with code that installs malicious software.
These days, however, it seems like we’re hearing about a new custom exploit kit every week. Part of the reason for this may be that more enterprising hackers are seeing the moneymaking potential of these offerings, which range from a few hundred dollars per kit to upwards of $10,000 per installation — depending on the features and plugins requested.
Take, for example, the iPack crimeware kit, an exploit pack that starts at around $500.
Its name and cute logo aside, iPack has nothing to do with Apple’s products. According to Jorge Mieres over at the Malware Intelligence blog, the software vulnera
Krebs
iPack Exploit Kit Bites Windows Users – Krebs on Security
blogs_krebs·2010-04-01·CVSS 5.1
[MEDIUM] iPack Exploit Kit Bites Windows Users – Krebs on Security
Not long ago, there were only a handful of serious so-called “exploit packs,” crimeware packages that make it easy for hackers to booby-trap Web sites with code that installs mal icious soft ware .
These days, however, it seems like we’re hearing about a new custom exploit kit every week. Part of the reason for this may be that more enterprising hackers are seeing the moneymaking potential of these offerings, which range from a few hundred dollars per kit to upwards of $10,000 per installation — depending on the features and plugins requested.
Take, for example, the iPack crimeware kit, an exploit pack that starts at around $500.
Its name and cute logo aside, iPack has nothing to do with Apple’ s products. According to Jorge Mieres over at the Malware Intelligence blog , the software vu
Zscaler
Malicious JavaScript targets 3 Old Vulnerabilities | Zscaler
blogs_zscaler·2010-03-08·CVSS 7.8
[HIGH] Malicious JavaScript targets 3 Old Vulnerabilities | Zscaler
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
Talos
The Acrobat JavaScript Blocklist Framework
blogs_talos·2010-01-20
The Acrobat JavaScript Blocklist Framework
## The Acrobat JavaScript Blocklist Framework
Adobe recently announced and released the Adobe Reader and Acrobat JavaScript Blocklist Framework. I've had a little bit of time to play with it and would just like to share my thoughts. First of all, I am very pleased with this new blocklisting feature. Until now, when we knew about 0-day being actively exploited in the wild using JavaScript in some manner, we would just turn off JavaScript in Adobe products (Reader, Acrobat, etc...) all together. Personally, I could live without having JavaScript in my documents, but that's a totally different discussion. I understand why some people might want that feature for their PDF documents and why for them at least, turning JavaScript completely off would not be an option. So let's say, for example,
Talos
The Acrobat JavaScript Blocklist Framework
blogs_talos·2010-01-20
The Acrobat JavaScript Blocklist Framework
Adobe recently announced and released the Adobe Reader and Acrobat JavaScript Blocklist Framework. I've had a little bit of time to play with it and would just like to share my thoughts. First of all, I am very pleased with this new blocklisting feature. Until now, when we knew about 0-day being actively exploited in the wild using JavaScript in some manner, we would just turn off JavaScript in Adobe products (Reader, Acrobat, etc...) all together. Personally, I could live without having JavaScript in my documents, but that's a totally different discussion. I understand why some people might want that feature for their PDF documents and why for them at least, turning JavaScript completely off would not be an option. So let's say, for example, that you are running Adobe Reader 9.2.0 which i
Talos
Microsoft Tuesday Coverage for November
blogs_talos·2008-11-11·CVSS 7.8
CVE-2008-2992 [HIGH] Microsoft Tuesday Coverage for November
Not a huge month for Microsoft problems this time around. There are two interesting sets vulnerabilities though, one in XML Core Services (MS08-069) and the other in SMB (MS08-068). We have released rules for attack coverage and you can find details at vrt-rules-2008-11-11.html
Also included is detection for attacks targeting a buffer overflow in Adobe Acrobat Reader (CVE-2008-2992).
Talos
Microsoft Tuesday Coverage for November
blogs_talos·2008-11-11·CVSS 7.8
CVE-2008-2992 [HIGH] Microsoft Tuesday Coverage for November
## Microsoft Tuesday Coverage for November
Not a huge month for Microsoft problems this time around. There are two interesting sets vulnerabilities though, one in XML Core Services (MS08-069) and the other in SMB (MS08-068). We have released rules for attack coverage and you can find details at vrt-rules-2008-11-11.html
Also included is detection for attacks targeting a buffer overflow in Adobe Acrobat Reader (CVE-2008-2992).
arXiv
Machine Learning With Feature Selection Using Principal Component Analysis for Malware Detection: A Case Study
arxiv_fulltext·2019-02-10
Machine Learning With Feature Selection Using Principal Component Analysis for Malware Detection: A Case Study
Jason Zhang, Ph.D.
Senior Threat Researcher
Sophos, Abingdon OX14 3YP, U.K.
[email protected]
plain
plain
## Abstract
Cyber security threats have been growing significantly in both volume and sophistication over the past decade. This poses great challenges to malware detection without considerable automation. In this paper, we have proposed a novel approach by extending our recently suggested artificial neural network (ANN) based model with feature selection using the principal component analysis (PCA) technique for malware detection. The effectiveness of the approach has been successfully demonstrated with the application in PDF malware detection. A varying number of principal components is examined in the comparative study. Our evaluation shows that the model with PCA can signif
arXiv
MLPdf: An Effective Machine Learning Based Approach for PDF Malware Detection
arxiv_fulltext·2018-08-21
MLPdf: An Effective Machine Learning Based Approach for PDF Malware Detection
Jason Zhang, Ph.D.
Senior Threat Researcher
Sophos, Abingdon OX14 3YP, U.K.
[email protected]
plain
plain
## Abstract
Due to the popularity of portable document format (PDF) and increasing number of vulnerabilities in major PDF viewer applications, malware writers continue to use it to deliver malware via web downloads, email attachments and other methods in both targeted and non-targeted attacks. The topic on how to effectively block malicious PDF documents has received huge research interests in both cyber security industry and academia with no sign of slowing down. In this paper, we propose a novel approach based on a multilayer perceptron (MLP) neural network model, termed MLP_df, for the detection of PDF based malware. More specifically, the MLP_df model uses a backpropagatio
Bugzilla
CVE-2008-2992 Adobe Reader: JavaScript util.printf() function buffer overflow
bugzilla·2008-11-04·CVSS 7.8
CVE-2008-2992 [HIGH] CVE-2008-2992 Adobe Reader: JavaScript util.printf() function buffer overflow
CVE-2008-2992 Adobe Reader: JavaScript util.printf() function buffer overflow
Adobe Reader 8 contains multiple input validation errors in a JavaScript
method. According to Adobe these flaws could result in arbitrary code
execution with the permissions of the user running Adobe Reader.
Discussion:
Public now via upstream security bulletin:
http://www.adobe.com/support/security/bulletins/apsb08-19.html
CVE description:
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 allows
remote attackers to execute arbitrary code via a PDF file containing a
crafted format string in the util.printf JavaScript functio
Further details about this flaw can be found in the advisories from:
Secunia:
http://secunia.com/secunia_research/2008-14/
http://marc.info/?l=full-disclosure&m=122581373919
http://download.oracle.com/sunalerts/1019937.1.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.htmlhttp://osvdb.org/49520http://secunia.com/advisories/29773http://secunia.com/advisories/32700http://secunia.com/advisories/32872http://secunia.com/advisories/35163http://secunia.com/secunia_research/2008-14/http://securityreason.com/securityalert/4549http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=909609http://www.adobe.com/support/security/bulletins/apsb08-19.htmlhttp://www.coresecurity.com/content/adobe-reader-buffer-overflowhttp://www.kb.cert.org/vuls/id/593409http://www.redhat.com/support/errata/RHSA-2008-0974.htmlhttp://www.securityfocus.com/archive/1/498027/100/0/threadedhttp://www.securityfocus.com/archive/1/498032/100/0/threadedhttp://www.securityfocus.com/archive/1/498055/100/0/threadedhttp://www.securityfocus.com/bid/30035http://www.securityfocus.com/bid/32091http://www.securitytracker.com/id?1021140http://www.us-cert.gov/cas/techalerts/TA08-309A.htmlhttp://www.vupen.com/english/advisories/2008/3001http://www.vupen.com/english/advisories/2009/0098http://www.zerodayinitiative.com/advisories/ZDI-08-072/https://www.exploit-db.com/exploits/6994https://www.exploit-db.com/exploits/7006http://download.oracle.com/sunalerts/1019937.1.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.htmlhttp://osvdb.org/49520http://secunia.com/advisories/29773http://secunia.com/advisories/32700http://secunia.com/advisories/32872http://secunia.com/advisories/35163http://secunia.com/secunia_research/2008-14/http://securityreason.com/securityalert/4549http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=909609http://www.adobe.com/support/security/bulletins/apsb08-19.htmlhttp://www.coresecurity.com/content/adobe-reader-buffer-overflowhttp://www.kb.cert.org/vuls/id/593409http://www.redhat.com/support/errata/RHSA-2008-0974.htmlhttp://www.securityfocus.com/archive/1/498027/100/0/threadedhttp://www.securityfocus.com/archive/1/498032/100/0/threadedhttp://www.securityfocus.com/archive/1/498055/100/0/threadedhttp://www.securityfocus.com/bid/30035http://www.securityfocus.com/bid/32091http://www.securitytracker.com/id?1021140http://www.us-cert.gov/cas/techalerts/TA08-309A.htmlhttp://www.vupen.com/english/advisories/2008/3001http://www.vupen.com/english/advisories/2009/0098http://www.zerodayinitiative.com/advisories/ZDI-08-072/https://www.exploit-db.com/exploits/6994https://www.exploit-db.com/exploits/7006https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2008-2992
2008-11-04
Published
2022-03-03
Added to CISA KEV
Exploited in the wild