Vulnerability Name:

CVE-2008-0667 (CCN-40588)

Assigned:2008-02-07
Published:2008-02-07
Updated:2018-10-15
Summary:The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document.
Note: this issue might be subsumed by CVE-2008-0655.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-399
Vulnerability Consequences:Other
References:Source: CCN
Type: BugTraq Mailing List, Thu Feb 07 2008 - 20:04:47 CST
Adobe Reader/Acrobat Remote PDF Print Silently Vulnerability

Source: MITRE
Type: CNA
CVE-2008-0667

Source: CCN
Type: Adobe KB 403079
Adobe Reader 8.1.2 Release Notes

Source: MISC
Type: UNKNOWN
http://kb.adobe.com/selfservice/viewContent.do?externalId=kb403079&sliceId=1

Source: SUSE
Type: UNKNOWN
SUSE-SA:2008:009

Source: CCN
Type: RHSA-2008-0144
Critical: acroread security update

Source: CCN
Type: SA28802
Adobe Reader/Acrobat Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
28802

Source: CCN
Type: SA28851
Adobe Reader/Acrobat 7 Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
28851

Source: SECUNIA
Type: Vendor Advisory
28983

Source: SECUNIA
Type: Vendor Advisory
29065

Source: SECUNIA
Type: UNKNOWN
29205

Source: CCN
Type: SA30840
Sun Solaris Adobe Reader Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
30840

Source: GENTOO
Type: UNKNOWN
GLSA-200803-01

Source: SREASON
Type: UNKNOWN
3625

Source: SUNALERT
Type: UNKNOWN
239286

Source: CCN
Type: Sun Alert ID: 239286
Multiple Security Vulnerabilities in the Adobe Reader may lead to Execution of Arbitrary Code

Source: CCN
Type: ASA-2008-092
acroread security update (RHSA-2008-0144)

Source: CCN
Type: ASA-2008-281
Multiple Security Vulnerabilities in the Adobe Reader may lead to Execution of Arbitrary Code (Sun 239286)

Source: CCN
Type: Adobe Web site
Adobe - Reader Download

Source: CCN
Type: Adobe Product Security Advisory APSA08-01
Security update available for Adobe Reader and Acrobat 8

Source: CONFIRM
Type: Patch
http://www.adobe.com/support/security/advisories/apsa08-01.html

Source: CCN
Type: Adobe Product Security Bulletin APSB08-13
Security Updates available for Adobe Reader and Acrobat 7 and 8

Source: CONFIRM
Type: UNKNOWN
http://www.adobe.com/support/security/bulletins/apsb08-13.html

Source: MISC
Type: UNKNOWN
http://www.fortiguardcenter.com/advisory/FGA-2008-04.html

Source: CCN
Type: GLSA-200803-01
Adobe Acrobat Reader: Multiple vulnerabilities

Source: CCN
Type: SUSE Security Announcement: Acrobat Reader (SUSE-SA:2008:009)
acroread

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0144

Source: BUGTRAQ
Type: UNKNOWN
20080208 Adobe Reader/Acrobat Remote PDF Print Silently Vulnerability

Source: BID
Type: Patch
27641

Source: CCN
Type: BID-27641
Adobe Acrobat and Reader Multiple Arbitrary Code Execution and Security Vulnerabilities

Source: CERT
Type: US Government Resource
TA08-043A

Source: VUPEN
Type: UNKNOWN
ADV-2008-0425

Source: VUPEN
Type: UNKNOWN
ADV-2008-1966

Source: XF
Type: UNKNOWN
adobe-docprint-weak-security(40588)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9731

Source: SUSE
Type: SUSE-SA:2008:009
Adobe Acrobat Reader Security Problems

Vulnerable Configuration:Configuration 1:
  • cpe:/a:adobe:acrobat_reader:*:*:*:*:*:*:*:* (Version <= 8.1.1)

    • Configuration RedHat 1:
  • cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/a:redhat:rhel_extras:3:*:*:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_extras:3:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20080667
    V
    		CVE-2008-0667
    2015-11-16
    oval:org.mitre.oval:def:22416
    P
    		ELSA-2008:0144: acroread security update (Critical)
    2014-05-26
    oval:org.mitre.oval:def:9731
    V
    		The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. NOTE: this issue might be subsumed by CVE-2008-0655.
    2010-09-06
    oval:com.redhat.rhsa:def:20080144
    P
    		RHSA-2008:0144: acroread security update (Critical)
    2008-03-20
    BACK
    adobe acrobat reader *
    adobe acrobat reader 7.0
    adobe acrobat reader 7.0.1
    adobe acrobat 7.0
    adobe acrobat 7.0.1
    adobe acrobat reader 7.0.2
    adobe acrobat 8.0
    adobe acrobat reader 8.0
    adobe acrobat reader 7.0.3
    adobe acrobat reader 7.0.4
    adobe acrobat reader 7.0.5
    adobe acrobat reader 7.0.6
    adobe acrobat reader 7.0.7
    adobe acrobat reader 7.0.8
    adobe acrobat 7.0.2
    adobe acrobat 7.0.3
    adobe acrobat 7.0.4
    adobe acrobat 7.0.5
    adobe acrobat 7.0.6
    adobe acrobat 7.0.7
    adobe acrobat 7.0.8
    adobe acrobat 7.0.9
    adobe acrobat 8.1
    adobe acrobat reader 7.0.9
    adobe acrobat reader 8.1
    adobe acrobat 8.1.1
    adobe acrobat reader 8.1.1
    gentoo linux *
    sun solaris 10
    redhat rhel extras 3
    redhat rhel extras 4
    suse linux enterprise server 9
    novell opensuse 10.2
    novell opensuse 10.3