SAINT Corporation | SAINT:0E0280E43894A4CA610CD72BFD722C72
History: Nov 10, 2008 - 12:00 a.m.

Adobe Acrobat util.printf JavaScript function buffer overflow

2008-11-10 00:00:00 | SAINT Corporation | download.saintcorporation.com

CVSS2: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

CVSS3: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

EPSS: 0.973
Percentile: 99.9%

Added: 11/10/2008
CVE: CVE-2008-2992
BID: 30035
OSVDB: 49520

Background

Adobe Acrobat is software for creating PDF documents.

Problem

A buffer overflow vulnerability allows command execution when a user opens a PDF file which calls the **util.printf** JavaScript function with a specially crafted format string argument.

Resolution

Upgrade to Adobe Acrobat 8.1.3 or higher.

References

<http://www.adobe.com/support/security/bulletins/apsb08-19.html>
<http://www.zerodayinitiative.com/advisories/ZDI-08-072/>

Limitations

Exploit works on Adobe Acrobat 8.0 through 8.1.2 and requires a user to open the exploit file in Adobe Acrobat.

This exploit requires the Compress-Zlib Perl module. This module is available from cpan.org.

Platforms

Windows
