⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-03-24.

CVE-2008-2992Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Acrobat

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-787Out-of-bounds Write24 documents14 sources
Severity
7.8HIGHNVD
EPSS
93.7%
top 0.15%
CISA KEV
KEVRansomware
Added 2022-03-03
Due 2022-03-24
Exploit
Exploited in wild
Active exploitation observed
Affected products
3
Adobe AcrobatAdobe Acrobat ReaderOracle Solaris
Timeline
PublishedNov 4
KEV addedMar 3
KEV dueMar 24
Latest updateFeb 2
CISA Required Action: Apply updates per vendor instructions.

Description

Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDadobe/acrobat8.1.2

Patches

Patch: www.adobe.comPatch: www.redhat.comPatch: www.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-c6vf-qwc3-92qf: Stack-based buffer overflow in Adobe Acrobat and Reader 82022-05-01
VulnCheck
Adobe Reader and Acrobat Input Validation Vulnerability2008

💥Exploits & PoCs

5
Exploit-DB
Adobe - 'util.printf()' Local Buffer Overflow (Metasploit) (2)2010-09-25
Exploit-DB
Adobe - 'util.printf()' Local Buffer Overflow (Metasploit) (1)2010-05-03
Exploit-DB
Adobe Reader - 'util.printf()' JavaScript Function Stack Overflow (1)2008-11-05
Exploit-DB
Adobe Reader - 'util.printf()' JavaScript Function Stack Overflow (2)2008-11-05
Metasploit
Adobe util.printf() Buffer Overflow

🔍Detection Rules

1
Suricata
ET WEB_CLIENT Adobe Acrobat Util.printf Buffer Overflow Attempt2011-07-01

📋Vendor Advisories

2
CISA
Adobe Reader and Acrobat Input Validation Vulnerability2022-03-03
Red Hat
Reader: JavaScript util.printf() function buffer overflow2008-11-04

🕵️Threat Intelligence

10
Greynoiseio
The Noise in the Silence: Unmasking CISA's Hidden KEV Ransomware Updates2026-02-02
Zscaler
A Brief Gumblar Infrastructure Analysis | Zscaler Blog2010-05-27
Zscaler
More And More Obfuscation Being Used In The Malicious Script2010-05-07
Krebs
iPack Exploit Kit Bites Windows Users2010-04-16
Krebs
iPack Exploit Kit Bites Windows Users – Krebs on Security2010-04-01

📄Research Papers

2
arXiv
Machine Learning With Feature Selection Using Principal Component Analysis for Malware Detection: A Case Study2019-02-10
arXiv
MLPdf: An Effective Machine Learning Based Approach for PDF Malware Detection2018-08-21

💬Community

1
Bugzilla
CVE-2008-2992 Adobe Reader: JavaScript util.printf() function buffer overflow2008-11-04
CVE-2008-2992 — Adobe Acrobat vulnerability | cvebase