CVE-2008-4814 — Improper Input Validation in Adobe Acrobat

CWE-20 — Improper Input Validation4 documents4 sources

Severity

9.3CRITICALNVD

EPSS

48.0%

top 2.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Acrobat Adobe Acrobat Reader

Timeline

PublishedNov 5

Latest updateMay 14

Description

Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an "input validation issue."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDadobe/acrobat_reader8.0

▶NVDadobe/acrobat8.1.2+1

Patches

Patch: www.adobe.com ↗Patch: www.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-3543-r684-9c6x: Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8↗2022-05-14

▶

📋Vendor Advisories

Red Hat

Reader: arbitrary code execution via unspecified JavaScript method↗2008-11-04

▶

💬Community

Bugzilla

CVE-2008-4814 Adobe Reader: arbitrary code execution via unspecified JavaScript method↗2008-11-04

▶