| Vulnerability Name: | CVE-2008-4812 (CCN-46332) | ||||||||||||||||
| Assigned: | 2008-11-04 | ||||||||||||||||
| Published: | 2008-11-04 | ||||||||||||||||
| Updated: | 2018-10-30 | ||||||||||||||||
| Summary: | Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts. | ||||||||||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||||||||||
| Vulnerability Type: | CWE-20 | ||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2008-4812 Source: SUNALERT Type: UNKNOWN 249366 Source: IDEFENSE Type: UNKNOWN 20081104 Adobe Reader Embedded Font Handling Out of Bounds Array Indexing Vulnerability Source: SUSE Type: UNKNOWN SUSE-SR:2008:026 Source: CCN Type: RHSA-2008-0974 Critical: acroread security update Source: SECUNIA Type: UNKNOWN 32700 Source: CCN Type: SA32872 SUSE Update for Multiple Packages Source: SECUNIA Type: UNKNOWN 32872 Source: CCN Type: SA35163 Nortel Media Processing Server Adobe Reader Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 35163 Source: CCN Type: SECTRACK ID: 1021140 Adobe Acrobat Multiple Flaws Let Remote Users Execute Arbitrary Code Source: CCN Type: Sun Alert ID: 249366 Multiple Security Vulnerabilities in the Adobe Reader May Lead to Execution of Arbitrary Code Source: CCN Type: ASA-2008-439 acroread security update (RHSA-2008-0974) Source: CCN Type: ASA-2009-018 Multiple Security Vulnerabilities in the Adobe Reader May Lead to Execution of Arbitrary Code (Sun 249366) Source: CCN Type: NORTEL BULLETIN ID: 2008009218, Rev 1 Nortel Response to Adobe Vulnerability Identifier APSB08-19 Source: CONFIRM Type: UNKNOWN http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801 Source: CCN Type: NORTEL BULLETIN ID: 2009009504, Rev 1 Nortel: Technical Support: Nortel Response to Sun Alert 249366 - Solaris 10 - Multiple Security Vulnerabilities Source: CONFIRM Type: UNKNOWN http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=909609 Source: CCN Type: Adobe Product Security Bulletin APSB08-19 Security Update available for Adobe Reader 8 and Acrobat 8 Source: CONFIRM Type: Patch, Vendor Advisory http://www.adobe.com/support/security/bulletins/apsb08-19.html Source: CCN Type: GLSA-200901-09 Adobe Reader: User-assisted execution of arbitrary code Source: REDHAT Type: UNKNOWN RHSA-2008:0974 Source: BID Type: UNKNOWN 32100 Source: CCN Type: BID-32100 Adobe Acrobat and Reader 8.1.2 Multiple Security Vulnerabilities Source: SECTRACK Type: UNKNOWN 1021140 Source: CERT Type: US Government Resource TA08-309A Source: VUPEN Type: UNKNOWN ADV-2008-3001 Source: VUPEN Type: UNKNOWN ADV-2009-0098 Source: XF Type: UNKNOWN adobe-acrobatreader-type1font-code-execution(46332) Source: XF Type: UNKNOWN adobe-acrobatreader-type1font-code-execution(46332) Source: CCN Type: iDefense Labs PUBLIC ADVISORY: 11.04.08 Adobe Reader Embedded Font Handling Out of Bounds Array Indexing Vulnerability Source: SUSE Type: SUSE-SR:2008:026 SUSE Security Summary Report | ||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||
| Oval Definitions | |||||||||||||||||
| |||||||||||||||||
| BACK | |||||||||||||||||