Vulnerability Name:

CVE-2008-0726 (CCN-40449)

Assigned:2008-02-05
Published:2008-02-05
Updated:2018-10-15
Summary:Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-189
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2008-0726

Source: CCN
Type: Adobe KB 403079
Adobe Reader 8.1.2 Release Notes

Source: SUSE
Type: UNKNOWN
SUSE-SA:2008:009

Source: CCN
Type: RHSA-2008-0144
Critical: acroread security update

Source: CCN
Type: SA28802
Adobe Reader/Acrobat Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
28983

Source: SECUNIA
Type: Vendor Advisory
29065

Source: SECUNIA
Type: UNKNOWN
29205

Source: CCN
Type: SA30840
Sun Solaris Adobe Reader Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
30840

Source: GENTOO
Type: UNKNOWN
GLSA-200803-01

Source: SUNALERT
Type: UNKNOWN
239286

Source: CCN
Type: Sun Alert ID: 239286
Multiple Security Vulnerabilities in the Adobe Reader may lead to Execution of Arbitrary Code

Source: CCN
Type: ASA-2008-092
acroread security update (RHSA-2008-0144)

Source: CCN
Type: ASA-2008-281
Multiple Security Vulnerabilities in the Adobe Reader may lead to Execution of Arbitrary Code (Sun 239286)

Source: CCN
Type: Adobe Web site
Adobe - Reader Download

Source: CCN
Type: Adobe Product Security Advisory APSA08-01
Security update available for Adobe Reader and Acrobat 8

Source: CONFIRM
Type: Patch
http://www.adobe.com/support/security/advisories/apsa08-01.html

Source: CCN
Type: Adobe Product Security Bulletin APSB08-13
Security Updates available for Adobe Reader and Acrobat 7 and 8

Source: CONFIRM
Type: UNKNOWN
http://www.adobe.com/support/security/bulletins/apsb08-13.html

Source: CCN
Type: GLSA-200803-01
Adobe Acrobat Reader: Multiple vulnerabilities

Source: CCN
Type: SUSE Security Announcement: Acrobat Reader (SUSE-SA:2008:009)
acroread

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0144

Source: BUGTRAQ
Type: UNKNOWN
20080211 ZDI-08-004: Adobe AcrobatReader Javascript for PDF Integer Overflow Vulnerability

Source: CCN
Type: BID-27641
Adobe Acrobat and Reader Multiple Arbitrary Code Execution and Security Vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2008-1966

Source: MISC
Type: UNKNOWN
http://www.zerodayinitiative.com/advisories/ZDI-08-004.html

Source: XF
Type: UNKNOWN
adobe-printsepswithparams-overflow(40449)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10957

Source: SUSE
Type: SUSE-SA:2008:009
Adobe Acrobat Reader Security Problems

Source: CCN
Type: ZDI-08-004
Adobe Acrobat Javascript for PDF Integer Overflow Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/a:adobe:acrobat:*:*:*:*:*:*:*:* (Version <= 8.1.1)
  • OR cpe:/a:adobe:acrobat_reader:*:*:*:*:*:*:*:* (Version <= 8.1.1)

Configuration RedHat 1:
  • cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/a:redhat:rhel_extras:3:*:*:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10:*:sparc:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_extras:3:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20080726 | V | CVE-2008-0726 | 2015-11-16
    oval:org.mitre.oval:def:22416 | P | ELSA-2008:0144: acroread security update (Critical) | 2014-05-26
    oval:org.mitre.oval:def:10957 | V | Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption. | 2010-09-06
    oval:com.redhat.rhsa:def:20080144 | P | RHSA-2008:0144: acroread security update (Critical) | 2008-03-20
    adobe acrobat *
    adobe acrobat reader *
    adobe acrobat reader 7.0
    adobe acrobat reader 7.0.1
    adobe acrobat 7.0
    adobe acrobat 7.0.1
    adobe acrobat reader 7.0.2
    adobe acrobat 8.0
    adobe acrobat reader 8.0
    adobe acrobat reader 7.0.3
    adobe acrobat reader 7.0.4
    adobe acrobat reader 7.0.5
    adobe acrobat reader 7.0.6
    adobe acrobat reader 7.0.7
    adobe acrobat reader 7.0.8
    adobe acrobat 7.0.2
    adobe acrobat 7.0.3
    adobe acrobat 7.0.4
    adobe acrobat 7.0.5
    adobe acrobat 7.0.6
    adobe acrobat 7.0.7
    adobe acrobat 7.0.8
    adobe acrobat 7.0.9
    adobe acrobat 8.1
    adobe acrobat reader 7.0.9
    adobe acrobat reader 8.1
    adobe acrobat 8.1.1
    adobe acrobat reader 8.1.1
    gentoo linux *
    sun solaris 10
    redhat rhel extras 3
    redhat rhel extras 4
    suse linux enterprise server 9
    novell opensuse 10.2
    novell opensuse 10.3