CVE-2008-4817: Improper Input Validation in Adobe Acrobat

Severity: 9.3 CRITICAL (NVD)
EPSS: 31.8% (top 3.18%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 5
Latest update: May 17

Description

The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (2 packages)

NVD: adobe/acrobat 8.1.2 +1

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-p376-gg94-fq5h: Stack-based buffer overflow in the getPlus ActiveX control in gp (2022-05-17)
GHSA: GHSA-768r-jccv-hcw3: The Download Manager in Adobe Acrobat Professional and Reader 8 (2022-05-14)

📋 Vendor Advisories (1)

Red Hat: Reader: Download Manager input validation flaw (2008-11-04)

💬 Community (1)

Bugzilla: CVE-2008-4817 Adobe Reader: Download Manager input validation flaw (2008-11-04)