CVE-2008-2992
high-risk
Published 2008-11-04
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.
Do I need to act?
!
93.7% chance of exploitation in next 30 days
EPSS score — higher than 6% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10
High
LOCAL
/ LOW complexity
Affected Products (3)
References (55)
Third Party Advisory
http://download.oracle.com/sunalerts/1019937.1.html
Broken Link
http://osvdb.org/49520
Broken Link
http://secunia.com/advisories/29773
Broken Link
http://secunia.com/advisories/32700
Broken Link
http://secunia.com/advisories/32872
Broken Link
http://secunia.com/advisories/35163
Broken Link
http://secunia.com/secunia_research/2008-14/
Broken Link
http://securityreason.com/securityalert/4549
Third Party Advisory
http://www.coresecurity.com/content/adobe-reader-buffer-overflow
Third Party Advisory
http://www.kb.cert.org/vuls/id/593409
Broken Link
http://www.securityfocus.com/bid/30035
Broken Link
http://www.securityfocus.com/bid/32091
and 35 more references
67
/ 100
high-risk
Severity
24/34 · High
Exploitability
34/34 · Critical
Exposure
9/34 · Low