Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-4071 — Improper Input Validation in Adobe Acrobat

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

6.1%

top 9.24%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Adobe Acrobat

Timeline

PublishedSep 15

Latest updateMay 2

Description

A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft Windows Vista and Internet Explorer 7, allows remote attackers to cause a denial of service (browser crash) via an src property value with an invalid acroie:// URL.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDadobe/acrobat9

🔴Vulnerability Details

GHSA

GHSA-jprq-ffw9-m95p: A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft Windows Vista and Internet Explorer 7, allows remote attackers to cause a denia↗2022-05-02

▶

💥Exploits & PoCs

Exploit-DB

Adobe Acrobat 9 - ActiveX Remote Denial of Service↗2008-09-11

▶