2008-0726 | Adobe Acrobat numeric error (BID-27641 / XFDB-40789)
|CVSS Meta Temp Score||Current Exploit Price (≈)||CTI Interest Score|
A vulnerability, which was classified as critical, was found in Adobe Acrobat 8.1.1 (Document Reader Software). CWE is classifying the issue as CWE-189. This is going to have an impact on confidentiality, integrity, and availability.
The weakness was published 02/12/2008 (Website). The advisory is shared for download at adobe.com. This vulnerability is traded as CVE-2008-0726 since 02/10/2008. It is possible to launch the attack remotely. The exploitation doesn’t require any form of authentication. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $5k-$25k (estimation calculated on 07/31/2021).
It is declared as proof-of-concept. The vulnerability scanner Nessus provides a plugin with the ID 40800 (Adobe Acrobat Windows and running in the context local. The commercial vulnerability scanner Qualys is able to test this issue with plugin 165670 (SUSE Enterprise Linux Security Update Acrobat Reader (SUSE-SA:2008:009)).
Upgrading eliminates this vulnerability. A possible mitigation has been published 4 months after the disclosure of the vulnerability. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 5941.
The vulnerability is also documented in the databases at SecurityFocus (BID 27641), X-Force (40789), Secunia (SA28983), Vulnerability Center (SBV-17742) and Tenable (40800). Similar entries are available at 3523, 3593, 3595 and 3592.
VulDB Meta Base Score: 7.3
VulDB Meta Temp Score: 6.6
NVD Base Score: 🔍
02/10/2008 +4 days 🔍
02/11/2008 +1 days 🔍
02/12/2008 +0 days 🔍
02/12/2008 +0 days 🔍
02/18/2008 +6 days 🔍
02/25/2008 +7 days 🔍
05/16/2008 +80 days 🔍
08/28/2009 +469 days 🔍
03/16/2015 +2026 days 🔍
05/07/2018 +1147 days 🔍
07/31/2021 +1181 days 🔍Vendor: https://www.adobe.com/
Secunia: 28983 – SUSE update for acroread, Highly Critical
Vulnerability Center: 17742 – Adobe Acrobat Reader and Acrobat Allows Remote Code Execution via Crafted PDF File, Medium
See also: 🔍
Created: 03/16/2015 13:43
Updated: 07/31/2021 08:00
Changes: (4) source_securityfocus_date source_securityfocus_class exploit_price_0day vulnerability_cvss2_nvd_basescore
Upgrade your account now!