| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.6 | $5k-$25k | 0.43 |
A vulnerability, which was classified as critical, was found in Adobe Acrobat 8.1.1 (Document Reader Software). CWE is classifying the issue as CWE-189. This is going to have an impact on confidentiality, integrity, and availability.
The weakness was published 02/12/2008 (Website). The advisory is shared for download at adobe.com. This vulnerability is traded as CVE-2008-0726 since 02/10/2008. It is possible to launch the attack remotely. The exploitation doesn’t require any form of authentication. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $5k-$25k (estimation calculated on 07/31/2021).
It is declared as proof-of-concept. The vulnerability scanner Nessus provides a plugin with the ID 40800 (Adobe Acrobat Windows and running in the context local. The commercial vulnerability scanner Qualys is able to test this issue with plugin 165670 (SUSE Enterprise Linux Security Update Acrobat Reader (SUSE-SA:2008:009)).
Upgrading eliminates this vulnerability. A possible mitigation has been published 4 months after the disclosure of the vulnerability. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 5941.
The vulnerability is also documented in the databases at SecurityFocus (BID 27641), X-Force (40789), Secunia (SA28983), Vulnerability Center (SBV-17742) and Tenable (40800). Similar entries are available at 3523, 3593, 3595 and 3592.
Type
Vendor
Name
VulDB Meta Base Score: 7.3
VulDB Meta Temp Score: 6.6
VulDB Base Score: 7.3
VulDB Temp Score: 6.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Class: Unknown
CWE: CWE-189
ATT&CK: Unknown
Local: No
Remote: Yes
Availability: 🔍
Status: Proof-of-Concept
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Nessus ID: 40800
Nessus Name: Adobe Acrobat Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 850034
OpenVAS Name: SurgeMail SurgeWeb Cross Site Scripting Vulnerability
OpenVAS File: 🔍
OpenVAS Family: 🔍
Threat Intelligence
Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍Recommended: Upgrade
Status: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: adobe.com
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
ISS Proventia IPS: 🔍
PaloAlto IPS: 🔍
02/06/2008 🔍
02/10/2008 🔍
02/11/2008 🔍
02/12/2008 🔍
02/12/2008 🔍
02/18/2008 🔍
02/25/2008 🔍
05/16/2008 🔍
08/28/2009 🔍
03/16/2015 🔍
05/07/2018 🔍
07/31/2021 🔍Vendor: https://www.adobe.com/
Advisory: adobe.com
Status: Not defined
Confirmation: 🔍
CVE: CVE-2008-0726 (🔍)
OVAL: 🔍
SecurityFocus: 27641
Secunia: 28983 – SUSE update for acroread, Highly Critical
X-Force: 40789
Vulnerability Center: 17742 – Adobe Acrobat Reader and Acrobat Allows Remote Code Execution via Crafted PDF File, Medium
Vupen: ADV-2008-1966
See also: 🔍
Created: 03/16/2015 13:43
Updated: 07/31/2021 08:00
Changes: (4) source_securityfocus_date source_securityfocus_class exploit_price_0day vulnerability_cvss2_nvd_basescore
Complete: 🔍
Upgrade your account now!
