返回 CVE 瀏覽器

CVE-2008-2992

Known Exploited (CISA KEV)HIGH

7.8

CVSS Severity Score

EPSS Score28.2830%

EPSS Percentile88.54th

Published2008年11月4日

Last Modified2026年4月22日

Vulnerability Description

Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.

Affected Platforms (CPE)

📦

Adobe

Acrobat

<= 8.1.2

📦

Adobe

Acrobat Reader

<= 8.1.2

💻

Oracle

Solaris

= 10

References & Advisories

🔗 http://download.oracle.com/sunalerts/1019937.1.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html

🔗 http://osvdb.org/49520

🔗 http://secunia.com/advisories/29773

🔗 http://secunia.com/advisories/32700

🔗 http://secunia.com/advisories/32872

🔗 http://secunia.com/advisories/35163

🔗 http://secunia.com/secunia_research/2008-14/

相關漏洞威脅

CVE-2004-063110.0

Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions...

CVE-2004-115210.0

Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader 5.09 for Unix allows remote attackers to execute arbitrary c...

CVE-2004-063010.0

The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those bef...

CVE-2004-115310.0

Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (appl...