CVE-2007-5659
In short
Adobe Reader and Acrobat versions 8.1.1 and earlier contain buffer overflow vulnerabilities in JavaScript methods when processing PDF files with excessively long arguments, allowing attackers to run arbitrary code by sending a malicious PDF.
Technical detail
Multiple buffer overflows exist in the JavaScript engine of Adobe Reader/Acrobat ≤8.1.1 when it handles long arguments to unspecified methods. The attack vector is local/remote via crafted PDF files; exploitation requires the user to open the malicious PDF. Successful exploitation leads to arbitrary code execution with the user's privileges.
Summary generated and translated by AI from the official description.
Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found: 2
exploitdb: www.exploit-db.com/exploits/31114 (unverified)
exploitdb: www.exploit-db.com/exploits/16674 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=657
http://secunia.com/advisories/29065
http://secunia.com/advisories/29205
http://secunia.com/advisories/30840
http://security.gentoo.org/glsa/glsa-200803-01.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9813
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2007-5659
http://www.adobe.com/support/security/advisories/apsa08-01.html
http://www.adobe.com/support/security/bulletins/apsb08-13.html
http://www.kb.cert.org/vuls/id/666281
http://www.redhat.com/support/errata/RHSA-2008-0144.html