cvelistv5 - cve-2008-2549

CVE-2008-2549 (GCVE-0-2008-2549)

Vulnerability from cvelistv5 – Published: 2008-06-04 19:17 – Updated: 2024-08-07 09:05

Summary

Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/32700	third-party-advisoryx_refsource_SECUNIA
	http://support.nortel.com/go/main.jsp?cscat=BLTND…	x_refsource_CONFIRM
	http://www.adobe.com/support/security/bulletins/a…	x_refsource_CONFIRM
	http://secunia.com/advisories/35163	third-party-advisoryx_refsource_SECUNIA
	http://download.oracle.com/sunalerts/1019937.1.html	vendor-advisoryx_refsource_SUNALERT
	http://secunia.com/advisories/32872	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.adobe.com/support/security/bulletins/a…	x_refsource_CONFIRM
	https://www.exploit-db.com/exploits/5687	exploitx_refsource_EXPLOIT-DB
	http://www.securityfocus.com/bid/29420	vdb-entryx_refsource_BID
	http://www.vupen.com/english/advisories/2009/0098	vdb-entryx_refsource_VUPEN
	http://www.us-cert.gov/cas/techalerts/TA08-309A.html	third-party-advisoryx_refsource_CERT
	http://www.securitytracker.com/id?1021140	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2008/3001	vdb-entryx_refsource_VUPEN
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.redhat.com/support/errata/RHSA-2008-09…	vendor-advisoryx_refsource_REDHAT
	http://support.nortel.com/go/main.jsp?cscat=BLTND…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:05:30.248Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "32700",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32700"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=909609"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
          },
          {
            "name": "35163",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35163"
          },
          {
            "name": "249366",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://download.oracle.com/sunalerts/1019937.1.html"
          },
          {
            "name": "32872",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32872"
          },
          {
            "name": "acrobatreader-pdf-dos(42886)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42886"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb08-19.html"
          },
          {
            "name": "5687",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/5687"
          },
          {
            "name": "29420",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29420"
          },
          {
            "name": "ADV-2009-0098",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0098"
          },
          {
            "name": "TA08-309A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-309A.html"
          },
          {
            "name": "1021140",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021140"
          },
          {
            "name": "ADV-2008-3001",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/3001"
          },
          {
            "name": "SUSE-SR:2008:026",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
          },
          {
            "name": "RHSA-2008:0974",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0974.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=800801"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-05-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "32700",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32700"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=909609"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
        },
        {
          "name": "35163",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35163"
        },
        {
          "name": "249366",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://download.oracle.com/sunalerts/1019937.1.html"
        },
        {
          "name": "32872",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32872"
        },
        {
          "name": "acrobatreader-pdf-dos(42886)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42886"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb08-19.html"
        },
        {
          "name": "5687",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/5687"
        },
        {
          "name": "29420",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29420"
        },
        {
          "name": "ADV-2009-0098",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0098"
        },
        {
          "name": "TA08-309A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-309A.html"
        },
        {
          "name": "1021140",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021140"
        },
        {
          "name": "ADV-2008-3001",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/3001"
        },
        {
          "name": "SUSE-SR:2008:026",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
        },
        {
          "name": "RHSA-2008:0974",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0974.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=800801"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2549",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "32700",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32700"
            },
            {
              "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=909609",
              "refsource": "CONFIRM",
              "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=909609"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-04.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
            },
            {
              "name": "35163",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35163"
            },
            {
              "name": "249366",
              "refsource": "SUNALERT",
              "url": "http://download.oracle.com/sunalerts/1019937.1.html"
            },
            {
              "name": "32872",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32872"
            },
            {
              "name": "acrobatreader-pdf-dos(42886)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42886"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb08-19.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb08-19.html"
            },
            {
              "name": "5687",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/5687"
            },
            {
              "name": "29420",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29420"
            },
            {
              "name": "ADV-2009-0098",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0098"
            },
            {
              "name": "TA08-309A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-309A.html"
            },
            {
              "name": "1021140",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021140"
            },
            {
              "name": "ADV-2008-3001",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/3001"
            },
            {
              "name": "SUSE-SR:2008:026",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
            },
            {
              "name": "RHSA-2008:0974",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0974.html"
            },
            {
              "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=800801",
              "refsource": "CONFIRM",
              "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=800801"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-2549",
    "datePublished": "2008-06-04T19:17:00",
    "dateReserved": "2008-06-04T00:00:00",
    "dateUpdated": "2024-08-07T09:05:30.248Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"8.1.2\", \"matchCriteriaId\": \"B696DE60-BE96-4590-A903-AB792881A38A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1C92642-7C8D-411A-8726-06A8A6483D65\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F509566A-6D4A-40C0-8A16-F8765C5DCAAF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:4.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"707D7124-6063-4510-80B4-AD9675996F67\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:4.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6AED985D-60D7-489E-9F1E-CE3C9D985B7A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F0FCA2F-FD7F-4CE5-9D45-324A7EC45105\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:5.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF7EAA22-CED2-4379-9465-9562BACB1C20\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:5.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"35B1CA6B-600C-4E03-B4D5-3D7E1BC4D0F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:5.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7AA1BA3-9FFA-46AB-A92A-7247D5F7EA06\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:5.0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F5F7424-1E19-4078-8908-CD86A0185042\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:5.0.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2402B40-6B72-48B5-A376-DA8D16CA43FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:5.0.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D968113-340A-4E5A-B4FD-D9702D49E3DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ACF742B8-5F7A-487B-835C-756B1BB392F4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C0BB7C0C-B1D6-4733-BA91-022A1A7FB2E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B131DB8-4B6A-4AF2-8D5E-B5EA1AEBFB3B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B9351C2-16ED-4766-B417-8DB3A8766C2F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74667860-0047-40AD-9468-860591BA9D17\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:6.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5DEA092A-5532-4DCC-B43D-7A8ECF07FA4C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:6.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9628AFF9-6EE1-4E85-858F-AE96EE64B7F4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E2D0266-6954-4DBA-9EEE-8BF73B39DD61\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24262AFA-2EC8-479E-8922-36DB4243E404\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1E62096-08B2-4722-A492-11E9A441E85B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5370AC6-90EE-48EA-8DBD-54002B102F7C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C36D10A8-D211-437D-98D8-9029D0A9CF8B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA55D00C-3629-48E4-8699-F62B8D703E02\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0EE5E1B7-7B91-4AE1-92AA-4F1763E1BA1E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"623324C2-C8B5-4C3C-9C10-9677D5A6740A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8EAF5E3-F3B4-4AD3-B5F1-281AB0F9C57F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:7.0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"634396D6-4ED6-4F4D-9458-396373489589\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"996EB48E-D2A8-49E4-915A-EBDE26A9FB94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97E20936-EE31-4CEB-A710-3165A28BAD69\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5BD9952C-A1D0-4DFB-A292-9B86D7EAE5FD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf.\"}, {\"lang\": \"es\", \"value\": \"Adobe Acrobat Reader 8.1.2 y versiones anteriores, permiten a atacantes remotos provocar una denegaci\\u00f3n de servicio (ca\\u00edda de aplicaci\\u00f3n) y posiblemente la ejecuci\\u00f3n arbitraria de c\\u00f3digo a trav\\u00e9s de un documento PDF mal formado, como se ha demostrado por 2008-HI2.pdf.\"}]",
      "id": "CVE-2008-2549",
      "lastModified": "2024-11-21T00:47:07.893",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:P\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2008-06-04T19:32:00.000",
      "references": "[{\"url\": \"http://download.oracle.com/sunalerts/1019937.1.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/32700\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/32872\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/35163\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=800801\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=909609\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb08-19.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb09-04.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2008-0974.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/29420\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1021140\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA08-309A.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/3001\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/0098\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/42886\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.exploit-db.com/exploits/5687\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://download.oracle.com/sunalerts/1019937.1.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/32700\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/32872\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/35163\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=800801\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=909609\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb08-19.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb09-04.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2008-0974.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/29420\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1021140\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA08-309A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/3001\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/0098\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/42886\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/5687\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-2549\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-06-04T19:32:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf.\"},{\"lang\":\"es\",\"value\":\"Adobe Acrobat Reader 8.1.2 y versiones anteriores, permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) y posiblemente la ejecuci\u00f3n arbitraria de c\u00f3digo a trav\u00e9s de un documento PDF mal formado, como se ha demostrado por 2008-HI2.pdf.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.1.2\",\"matchCriteriaId\":\"B696DE60-BE96-4590-A903-AB792881A38A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1C92642-7C8D-411A-8726-06A8A6483D65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F509566A-6D4A-40C0-8A16-F8765C5DCAAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:4.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"707D7124-6063-4510-80B4-AD9675996F67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AED985D-60D7-489E-9F1E-CE3C9D985B7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F0FCA2F-FD7F-4CE5-9D45-324A7EC45105\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:5.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF7EAA22-CED2-4379-9465-9562BACB1C20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:5.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35B1CA6B-600C-4E03-B4D5-3D7E1BC4D0F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:5.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7AA1BA3-9FFA-46AB-A92A-7247D5F7EA06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:5.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F5F7424-1E19-4078-8908-CD86A0185042\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:5.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2402B40-6B72-48B5-A376-DA8D16CA43FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:5.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D968113-340A-4E5A-B4FD-D9702D49E3DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACF742B8-5F7A-487B-835C-756B1BB392F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0BB7C0C-B1D6-4733-BA91-022A1A7FB2E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B131DB8-4B6A-4AF2-8D5E-B5EA1AEBFB3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B9351C2-16ED-4766-B417-8DB3A8766C2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74667860-0047-40AD-9468-860591BA9D17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:6.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DEA092A-5532-4DCC-B43D-7A8ECF07FA4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:6.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9628AFF9-6EE1-4E85-858F-AE96EE64B7F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E2D0266-6954-4DBA-9EEE-8BF73B39DD61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24262AFA-2EC8-479E-8922-36DB4243E404\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E62096-08B2-4722-A492-11E9A441E85B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5370AC6-90EE-48EA-8DBD-54002B102F7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C36D10A8-D211-437D-98D8-9029D0A9CF8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA55D00C-3629-48E4-8699-F62B8D703E02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EE5E1B7-7B91-4AE1-92AA-4F1763E1BA1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"623324C2-C8B5-4C3C-9C10-9677D5A6740A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EAF5E3-F3B4-4AD3-B5F1-281AB0F9C57F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"634396D6-4ED6-4F4D-9458-396373489589\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"996EB48E-D2A8-49E4-915A-EBDE26A9FB94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97E20936-EE31-4CEB-A710-3165A28BAD69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BD9952C-A1D0-4DFB-A292-9B86D7EAE5FD\"}]}]}],\"references\":[{\"url\":\"http://download.oracle.com/sunalerts/1019937.1.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/32700\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/32872\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/35163\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=800801\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=909609\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb08-19.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb09-04.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0974.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/29420\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1021140\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-309A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/3001\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0098\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42886\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/5687\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://download.oracle.com/sunalerts/1019937.1.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/32700\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/32872\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35163\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=800801\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=909609\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb08-19.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb09-04.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0974.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/29420\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1021140\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-309A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/3001\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0098\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42886\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/5687\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

RHSA-2008:0974

Vulnerability from csaf_redhat - Published: 2008-11-12 17:26 - Updated: 2025-11-21 17:33

Summary

Red Hat Security Advisory: acroread security update

Notes

Topic

Updated acroread packages that fix various security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team.

Details

Adobe Reader allows users to view and print documents in Portable Document Format (PDF). Several input validation flaws were discovered in Adobe Reader. A malicious PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader. (CVE-2008-2549, CVE-2008-2992, CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4817) The Adobe Reader binary had an insecure relative RPATH (runtime library search path) set in the ELF (Executable and Linking Format) header. A local attacker able to convince another user to run Adobe Reader in an attacker-controlled directory could run arbitrary code with the privileges of the victim. (CVE-2008-4815) All acroread users are advised to upgrade to these updated packages, that contain Adobe Reader version 8.1.3, and are not vulnerable to these issues.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated acroread packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4\nExtras, and Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nSeveral input validation flaws were discovered in Adobe Reader. A malicious\nPDF file could cause Adobe Reader to crash or, potentially, execute\narbitrary code as the user running Adobe Reader. (CVE-2008-2549,\nCVE-2008-2992, CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4817)\n\nThe Adobe Reader binary had an insecure relative RPATH (runtime library\nsearch path) set in the ELF (Executable and Linking Format) header. A local\nattacker able to convince another user to run Adobe Reader in an\nattacker-controlled directory could run arbitrary code with the privileges\nof the victim. (CVE-2008-4815)\n\nAll acroread users are advised to upgrade to these updated packages, that\ncontain Adobe Reader version 8.1.3, and are not vulnerable to these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2008:0974",
        "url": "https://access.redhat.com/errata/RHSA-2008:0974"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#critical",
        "url": "http://www.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "450078",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=450078"
      },
      {
        "category": "external",
        "summary": "469875",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469875"
      },
      {
        "category": "external",
        "summary": "469876",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469876"
      },
      {
        "category": "external",
        "summary": "469877",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469877"
      },
      {
        "category": "external",
        "summary": "469880",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469880"
      },
      {
        "category": "external",
        "summary": "469882",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469882"
      },
      {
        "category": "external",
        "summary": "469923",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469923"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0974.json"
      }
    ],
    "title": "Red Hat Security Advisory: acroread security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:33:57+00:00",
      "generator": {
        "date": "2025-11-21T17:33:57+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2008:0974",
      "initial_release_date": "2008-11-12T17:26:00+00:00",
      "revision_history": [
        {
          "date": "2008-11-12T17:26:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2008-11-12T12:26:33+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:33:57+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                  "product_id": "5Client-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                  "product_id": "5Server-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 4 Extras",
                  "product_id": "4AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 4 Extras",
                "product": {
                  "name": "Red Hat Desktop version 4 Extras",
                  "product_id": "4Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 4 Extras",
                  "product_id": "4ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 4 Extras",
                  "product_id": "4WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 3 Extras",
                  "product_id": "3AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3 Extras",
                "product": {
                  "name": "Red Hat Desktop version 3 Extras",
                  "product_id": "3Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 3 Extras",
                  "product_id": "3ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 3 Extras",
                  "product_id": "3WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "acroread-0:8.1.3-1.el5.i386",
                "product": {
                  "name": "acroread-0:8.1.3-1.el5.i386",
                  "product_id": "acroread-0:8.1.3-1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread@8.1.3-1.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-plugin-0:8.1.3-1.el5.i386",
                "product": {
                  "name": "acroread-plugin-0:8.1.3-1.el5.i386",
                  "product_id": "acroread-plugin-0:8.1.3-1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread-plugin@8.1.3-1.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-0:8.1.3-1.el4.i386",
                "product": {
                  "name": "acroread-0:8.1.3-1.el4.i386",
                  "product_id": "acroread-0:8.1.3-1.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread@8.1.3-1.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-plugin-0:8.1.3-1.el4.i386",
                "product": {
                  "name": "acroread-plugin-0:8.1.3-1.el4.i386",
                  "product_id": "acroread-plugin-0:8.1.3-1.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread-plugin@8.1.3-1.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-plugin-0:8.1.3-1.i386",
                "product": {
                  "name": "acroread-plugin-0:8.1.3-1.i386",
                  "product_id": "acroread-plugin-0:8.1.3-1.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread-plugin@8.1.3-1?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-0:8.1.3-1.i386",
                "product": {
                  "name": "acroread-0:8.1.3-1.i386",
                  "product_id": "acroread-0:8.1.3-1.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread@8.1.3-1?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:acroread-0:8.1.3-1.i386"
        },
        "product_reference": "acroread-0:8.1.3-1.i386",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:acroread-plugin-0:8.1.3-1.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.3-1.i386",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:acroread-0:8.1.3-1.i386"
        },
        "product_reference": "acroread-0:8.1.3-1.i386",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.3-1.i386",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:acroread-0:8.1.3-1.i386"
        },
        "product_reference": "acroread-0:8.1.3-1.i386",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:acroread-plugin-0:8.1.3-1.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.3-1.i386",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:acroread-0:8.1.3-1.i386"
        },
        "product_reference": "acroread-0:8.1.3-1.i386",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:acroread-plugin-0:8.1.3-1.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.3-1.i386",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:acroread-0:8.1.3-1.el4.i386"
        },
        "product_reference": "acroread-0:8.1.3-1.el4.i386",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.3-1.el4.i386",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386"
        },
        "product_reference": "acroread-0:8.1.3-1.el4.i386",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.3-1.el4.i386",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:acroread-0:8.1.3-1.el4.i386"
        },
        "product_reference": "acroread-0:8.1.3-1.el4.i386",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.3-1.el4.i386",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:acroread-0:8.1.3-1.el4.i386"
        },
        "product_reference": "acroread-0:8.1.3-1.el4.i386",
        "relates_to_product_reference": "4WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.3-1.el4.i386",
        "relates_to_product_reference": "4WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386"
        },
        "product_reference": "acroread-0:8.1.3-1.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.3-1.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386"
        },
        "product_reference": "acroread-0:8.1.3-1.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.3-1.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2008-2549",
      "discovery_date": "2008-06-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "450078"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "acroread: crash and possible code execution",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.3-1.i386",
          "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3ES-LACD:acroread-0:8.1.3-1.i386",
          "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3WS-LACD:acroread-0:8.1.3-1.i386",
          "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-2549"
        },
        {
          "category": "external",
          "summary": "RHBZ#450078",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=450078"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-2549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2549"
        }
      ],
      "release_date": "2008-05-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-11-12T17:26:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.3-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3ES-LACD:acroread-0:8.1.3-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3WS-LACD:acroread-0:8.1.3-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0974"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "acroread: crash and possible code execution"
    },
    {
      "cve": "CVE-2008-2992",
      "discovery_date": "2008-11-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "469877"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Reader: JavaScript util.printf() function buffer overflow",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.3-1.i386",
          "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3ES-LACD:acroread-0:8.1.3-1.i386",
          "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3WS-LACD:acroread-0:8.1.3-1.i386",
          "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-2992"
        },
        {
          "category": "external",
          "summary": "RHBZ#469877",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469877"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2992",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-2992"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2992",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2992"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2008-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-11-12T17:26:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.3-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3ES-LACD:acroread-0:8.1.3-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3WS-LACD:acroread-0:8.1.3-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0974"
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2022-03-03T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Reader: JavaScript util.printf() function buffer overflow"
    },
    {
      "cve": "CVE-2008-4812",
      "discovery_date": "2008-11-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "469875"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Reader: embedded font handling out-of-bounds array indexing",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.3-1.i386",
          "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3ES-LACD:acroread-0:8.1.3-1.i386",
          "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3WS-LACD:acroread-0:8.1.3-1.i386",
          "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-4812"
        },
        {
          "category": "external",
          "summary": "RHBZ#469875",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469875"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-4812",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-4812"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4812",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4812"
        }
      ],
      "release_date": "2008-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-11-12T17:26:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.3-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3ES-LACD:acroread-0:8.1.3-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3WS-LACD:acroread-0:8.1.3-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0974"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Reader: embedded font handling out-of-bounds array indexing"
    },
    {
      "cve": "CVE-2008-4813",
      "discovery_date": "2008-11-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "469876"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow remote attackers to execute arbitrary code via a crafted PDF document that (1) performs unspecified actions on a Collab object that trigger memory corruption, related to a GetCosObj method; or (2) contains a malformed PDF object that triggers memory corruption during parsing.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Reader: PDF objects parsing and JavaScript getCosObj handling memory corruption flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.3-1.i386",
          "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3ES-LACD:acroread-0:8.1.3-1.i386",
          "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3WS-LACD:acroread-0:8.1.3-1.i386",
          "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-4813"
        },
        {
          "category": "external",
          "summary": "RHBZ#469876",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469876"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-4813",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-4813"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4813",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4813"
        }
      ],
      "release_date": "2008-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-11-12T17:26:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.3-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3ES-LACD:acroread-0:8.1.3-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3WS-LACD:acroread-0:8.1.3-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0974"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Reader: PDF objects parsing and JavaScript getCosObj handling memory corruption flaw"
    },
    {
      "cve": "CVE-2008-4814",
      "discovery_date": "2008-11-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "469880"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an \"input validation issue.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Reader: arbitrary code execution via unspecified JavaScript method",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.3-1.i386",
          "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3ES-LACD:acroread-0:8.1.3-1.i386",
          "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3WS-LACD:acroread-0:8.1.3-1.i386",
          "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-4814"
        },
        {
          "category": "external",
          "summary": "RHBZ#469880",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469880"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-4814",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-4814"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4814",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4814"
        }
      ],
      "release_date": "2008-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-11-12T17:26:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.3-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3ES-LACD:acroread-0:8.1.3-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3WS-LACD:acroread-0:8.1.3-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0974"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Reader: arbitrary code execution via unspecified JavaScript method"
    },
    {
      "cve": "CVE-2008-4815",
      "discovery_date": "2008-11-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "469882"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Reader: insecure RPATH flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.3-1.i386",
          "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3ES-LACD:acroread-0:8.1.3-1.i386",
          "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3WS-LACD:acroread-0:8.1.3-1.i386",
          "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-4815"
        },
        {
          "category": "external",
          "summary": "RHBZ#469882",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469882"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-4815",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-4815"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4815",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4815"
        }
      ],
      "release_date": "2008-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-11-12T17:26:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.3-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3ES-LACD:acroread-0:8.1.3-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3WS-LACD:acroread-0:8.1.3-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0974"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Reader: insecure RPATH flaw"
    },
    {
      "cve": "CVE-2008-4817",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2008-11-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "469923"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Reader: Download Manager input validation flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.3-1.i386",
          "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3ES-LACD:acroread-0:8.1.3-1.i386",
          "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3WS-LACD:acroread-0:8.1.3-1.i386",
          "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-4817"
        },
        {
          "category": "external",
          "summary": "RHBZ#469923",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469923"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-4817",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-4817"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4817",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4817"
        }
      ],
      "release_date": "2008-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-11-12T17:26:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.3-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3ES-LACD:acroread-0:8.1.3-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3WS-LACD:acroread-0:8.1.3-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0974"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Reader: Download Manager input validation flaw"
    },
    {
      "cve": "CVE-2009-0927",
      "discovery_date": "2009-03-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618340"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.3-1.i386",
          "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3ES-LACD:acroread-0:8.1.3-1.i386",
          "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3WS-LACD:acroread-0:8.1.3-1.i386",
          "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0927"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618340",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618340"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0927",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0927"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0927",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0927"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2009-03-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-11-12T17:26:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.3-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3ES-LACD:acroread-0:8.1.3-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3WS-LACD:acroread-0:8.1.3-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0974"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:acroread-0:8.1.3-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3ES-LACD:acroread-0:8.1.3-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3WS-LACD:acroread-0:8.1.3-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2022-03-25T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2008_0974

Vulnerability from csaf_redhat - Published: 2008-11-12 17:26 - Updated: 2024-11-14 10:06

Summary

Red Hat Security Advisory: acroread security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated acroread packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4\nExtras, and Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nSeveral input validation flaws were discovered in Adobe Reader. A malicious\nPDF file could cause Adobe Reader to crash or, potentially, execute\narbitrary code as the user running Adobe Reader. (CVE-2008-2549,\nCVE-2008-2992, CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4817)\n\nThe Adobe Reader binary had an insecure relative RPATH (runtime library\nsearch path) set in the ELF (Executable and Linking Format) header. A local\nattacker able to convince another user to run Adobe Reader in an\nattacker-controlled directory could run arbitrary code with the privileges\nof the victim. (CVE-2008-4815)\n\nAll acroread users are advised to upgrade to these updated packages, that\ncontain Adobe Reader version 8.1.3, and are not vulnerable to these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2008:0974",
        "url": "https://access.redhat.com/errata/RHSA-2008:0974"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#critical",
        "url": "http://www.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "450078",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=450078"
      },
      {
        "category": "external",
        "summary": "469875",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469875"
      },
      {
        "category": "external",
        "summary": "469876",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469876"
      },
      {
        "category": "external",
        "summary": "469877",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469877"
      },
      {
        "category": "external",
        "summary": "469880",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469880"
      },
      {
        "category": "external",
        "summary": "469882",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469882"
      },
      {
        "category": "external",
        "summary": "469923",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469923"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0974.json"
      }
    ],
    "title": "Red Hat Security Advisory: acroread security update",
    "tracking": {
      "current_release_date": "2024-11-14T10:06:43+00:00",
      "generator": {
        "date": "2024-11-14T10:06:43+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2008:0974",
      "initial_release_date": "2008-11-12T17:26:00+00:00",
      "revision_history": [
        {
          "date": "2008-11-12T17:26:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2008-11-12T12:26:33+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T10:06:43+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                  "product_id": "5Client-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                  "product_id": "5Server-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 4 Extras",
                  "product_id": "4AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 4 Extras",
                "product": {
                  "name": "Red Hat Desktop version 4 Extras",
                  "product_id": "4Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 4 Extras",
                  "product_id": "4ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 4 Extras",
                  "product_id": "4WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 3 Extras",
                  "product_id": "3AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3 Extras",
                "product": {
                  "name": "Red Hat Desktop version 3 Extras",
                  "product_id": "3Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 3 Extras",
                  "product_id": "3ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 3 Extras",
                  "product_id": "3WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "acroread-0:8.1.3-1.el5.i386",
                "product": {
                  "name": "acroread-0:8.1.3-1.el5.i386",
                  "product_id": "acroread-0:8.1.3-1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread@8.1.3-1.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-plugin-0:8.1.3-1.el5.i386",
                "product": {
                  "name": "acroread-plugin-0:8.1.3-1.el5.i386",
                  "product_id": "acroread-plugin-0:8.1.3-1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread-plugin@8.1.3-1.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-0:8.1.3-1.el4.i386",
                "product": {
                  "name": "acroread-0:8.1.3-1.el4.i386",
                  "product_id": "acroread-0:8.1.3-1.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread@8.1.3-1.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-plugin-0:8.1.3-1.el4.i386",
                "product": {
                  "name": "acroread-plugin-0:8.1.3-1.el4.i386",
                  "product_id": "acroread-plugin-0:8.1.3-1.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread-plugin@8.1.3-1.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-plugin-0:8.1.3-1.i386",
                "product": {
                  "name": "acroread-plugin-0:8.1.3-1.i386",
                  "product_id": "acroread-plugin-0:8.1.3-1.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread-plugin@8.1.3-1?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "acroread-0:8.1.3-1.i386",
                "product": {
                  "name": "acroread-0:8.1.3-1.i386",
                  "product_id": "acroread-0:8.1.3-1.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/acroread@8.1.3-1?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:acroread-0:8.1.3-1.i386"
        },
        "product_reference": "acroread-0:8.1.3-1.i386",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:acroread-plugin-0:8.1.3-1.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.3-1.i386",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:acroread-0:8.1.3-1.i386"
        },
        "product_reference": "acroread-0:8.1.3-1.i386",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.3-1.i386",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:acroread-0:8.1.3-1.i386"
        },
        "product_reference": "acroread-0:8.1.3-1.i386",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:acroread-plugin-0:8.1.3-1.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.3-1.i386",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:acroread-0:8.1.3-1.i386"
        },
        "product_reference": "acroread-0:8.1.3-1.i386",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:acroread-plugin-0:8.1.3-1.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.3-1.i386",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:acroread-0:8.1.3-1.el4.i386"
        },
        "product_reference": "acroread-0:8.1.3-1.el4.i386",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.3-1.el4.i386",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386"
        },
        "product_reference": "acroread-0:8.1.3-1.el4.i386",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.3-1.el4.i386",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:acroread-0:8.1.3-1.el4.i386"
        },
        "product_reference": "acroread-0:8.1.3-1.el4.i386",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.3-1.el4.i386",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:acroread-0:8.1.3-1.el4.i386"
        },
        "product_reference": "acroread-0:8.1.3-1.el4.i386",
        "relates_to_product_reference": "4WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.3-1.el4.i386",
        "relates_to_product_reference": "4WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386"
        },
        "product_reference": "acroread-0:8.1.3-1.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.3-1.el5.i386",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386"
        },
        "product_reference": "acroread-0:8.1.3-1.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "acroread-plugin-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
        },
        "product_reference": "acroread-plugin-0:8.1.3-1.el5.i386",
        "relates_to_product_reference": "5Server-Supplementary"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2008-2549",
      "discovery_date": "2008-06-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "450078"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "acroread: crash and possible code execution",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.3-1.i386",
          "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3ES-LACD:acroread-0:8.1.3-1.i386",
          "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3WS-LACD:acroread-0:8.1.3-1.i386",
          "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-2549"
        },
        {
          "category": "external",
          "summary": "RHBZ#450078",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=450078"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-2549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2549"
        }
      ],
      "release_date": "2008-05-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-11-12T17:26:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.3-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3ES-LACD:acroread-0:8.1.3-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3WS-LACD:acroread-0:8.1.3-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0974"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "acroread: crash and possible code execution"
    },
    {
      "cve": "CVE-2008-2992",
      "discovery_date": "2008-11-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "469877"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Reader: JavaScript util.printf() function buffer overflow",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.3-1.i386",
          "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3ES-LACD:acroread-0:8.1.3-1.i386",
          "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3WS-LACD:acroread-0:8.1.3-1.i386",
          "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-2992"
        },
        {
          "category": "external",
          "summary": "RHBZ#469877",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469877"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2992",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-2992"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2992",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2992"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2008-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-11-12T17:26:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.3-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3ES-LACD:acroread-0:8.1.3-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3WS-LACD:acroread-0:8.1.3-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0974"
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2022-03-03T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Reader: JavaScript util.printf() function buffer overflow"
    },
    {
      "cve": "CVE-2008-4812",
      "discovery_date": "2008-11-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "469875"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Reader: embedded font handling out-of-bounds array indexing",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.3-1.i386",
          "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3ES-LACD:acroread-0:8.1.3-1.i386",
          "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3WS-LACD:acroread-0:8.1.3-1.i386",
          "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-4812"
        },
        {
          "category": "external",
          "summary": "RHBZ#469875",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469875"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-4812",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-4812"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4812",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4812"
        }
      ],
      "release_date": "2008-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-11-12T17:26:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.3-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3ES-LACD:acroread-0:8.1.3-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3WS-LACD:acroread-0:8.1.3-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0974"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Reader: embedded font handling out-of-bounds array indexing"
    },
    {
      "cve": "CVE-2008-4813",
      "discovery_date": "2008-11-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "469876"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow remote attackers to execute arbitrary code via a crafted PDF document that (1) performs unspecified actions on a Collab object that trigger memory corruption, related to a GetCosObj method; or (2) contains a malformed PDF object that triggers memory corruption during parsing.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Reader: PDF objects parsing and JavaScript getCosObj handling memory corruption flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.3-1.i386",
          "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3ES-LACD:acroread-0:8.1.3-1.i386",
          "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3WS-LACD:acroread-0:8.1.3-1.i386",
          "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-4813"
        },
        {
          "category": "external",
          "summary": "RHBZ#469876",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469876"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-4813",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-4813"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4813",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4813"
        }
      ],
      "release_date": "2008-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-11-12T17:26:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.3-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3ES-LACD:acroread-0:8.1.3-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3WS-LACD:acroread-0:8.1.3-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0974"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Reader: PDF objects parsing and JavaScript getCosObj handling memory corruption flaw"
    },
    {
      "cve": "CVE-2008-4814",
      "discovery_date": "2008-11-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "469880"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an \"input validation issue.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Reader: arbitrary code execution via unspecified JavaScript method",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.3-1.i386",
          "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3ES-LACD:acroread-0:8.1.3-1.i386",
          "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3WS-LACD:acroread-0:8.1.3-1.i386",
          "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-4814"
        },
        {
          "category": "external",
          "summary": "RHBZ#469880",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469880"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-4814",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-4814"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4814",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4814"
        }
      ],
      "release_date": "2008-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-11-12T17:26:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.3-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3ES-LACD:acroread-0:8.1.3-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3WS-LACD:acroread-0:8.1.3-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0974"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Reader: arbitrary code execution via unspecified JavaScript method"
    },
    {
      "cve": "CVE-2008-4815",
      "discovery_date": "2008-11-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "469882"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Reader: insecure RPATH flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.3-1.i386",
          "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3ES-LACD:acroread-0:8.1.3-1.i386",
          "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3WS-LACD:acroread-0:8.1.3-1.i386",
          "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-4815"
        },
        {
          "category": "external",
          "summary": "RHBZ#469882",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469882"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-4815",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-4815"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4815",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4815"
        }
      ],
      "release_date": "2008-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-11-12T17:26:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.3-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3ES-LACD:acroread-0:8.1.3-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3WS-LACD:acroread-0:8.1.3-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0974"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Reader: insecure RPATH flaw"
    },
    {
      "cve": "CVE-2008-4817",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2008-11-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "469923"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Reader: Download Manager input validation flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.3-1.i386",
          "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3ES-LACD:acroread-0:8.1.3-1.i386",
          "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3WS-LACD:acroread-0:8.1.3-1.i386",
          "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-4817"
        },
        {
          "category": "external",
          "summary": "RHBZ#469923",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469923"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-4817",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-4817"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4817",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4817"
        }
      ],
      "release_date": "2008-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-11-12T17:26:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.3-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3ES-LACD:acroread-0:8.1.3-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3WS-LACD:acroread-0:8.1.3-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0974"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Reader: Download Manager input validation flaw"
    },
    {
      "cve": "CVE-2009-0927",
      "discovery_date": "2009-03-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618340"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:acroread-0:8.1.3-1.i386",
          "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-0:8.1.3-1.i386",
          "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3ES-LACD:acroread-0:8.1.3-1.i386",
          "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
          "3WS-LACD:acroread-0:8.1.3-1.i386",
          "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
          "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
          "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
          "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
          "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
          "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
          "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0927"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618340",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618340"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0927",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0927"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0927",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0927"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2009-03-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-11-12T17:26:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:acroread-0:8.1.3-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3ES-LACD:acroread-0:8.1.3-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3WS-LACD:acroread-0:8.1.3-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0974"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "3AS-LACD:acroread-0:8.1.3-1.i386",
            "3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-0:8.1.3-1.i386",
            "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3ES-LACD:acroread-0:8.1.3-1.i386",
            "3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
            "3WS-LACD:acroread-0:8.1.3-1.i386",
            "3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
            "4AS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
            "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-0:8.1.3-1.el4.i386",
            "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-0:8.1.3-1.el4.i386",
            "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
            "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
            "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2022-03-25T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    }
  ]
}

GSD-2008-2549

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-2549

Aliases

CVE-2008-2549

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-2549",
    "description": "Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf.",
    "id": "GSD-2008-2549",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-2549.html",
      "https://access.redhat.com/errata/RHSA-2008:0974"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-2549"
      ],
      "details": "Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf.",
      "id": "GSD-2008-2549",
      "modified": "2023-12-13T01:23:01.162224Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-2549",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "32700",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32700"
          },
          {
            "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=909609",
            "refsource": "CONFIRM",
            "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=909609"
          },
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb09-04.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
          },
          {
            "name": "35163",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35163"
          },
          {
            "name": "249366",
            "refsource": "SUNALERT",
            "url": "http://download.oracle.com/sunalerts/1019937.1.html"
          },
          {
            "name": "32872",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32872"
          },
          {
            "name": "acrobatreader-pdf-dos(42886)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42886"
          },
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb08-19.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb08-19.html"
          },
          {
            "name": "5687",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/5687"
          },
          {
            "name": "29420",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/29420"
          },
          {
            "name": "ADV-2009-0098",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/0098"
          },
          {
            "name": "TA08-309A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-309A.html"
          },
          {
            "name": "1021140",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1021140"
          },
          {
            "name": "ADV-2008-3001",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/3001"
          },
          {
            "name": "SUSE-SR:2008:026",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
          },
          {
            "name": "RHSA-2008:0974",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0974.html"
          },
          {
            "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=800801",
            "refsource": "CONFIRM",
            "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=800801"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:4.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.1.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2549"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "29420",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/29420"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb08-19.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.adobe.com/support/security/bulletins/apsb08-19.html"
            },
            {
              "name": "32872",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/32872"
            },
            {
              "name": "SUSE-SR:2008:026",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
            },
            {
              "name": "TA08-309A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-309A.html"
            },
            {
              "name": "RHSA-2008:0974",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0974.html"
            },
            {
              "name": "32700",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/32700"
            },
            {
              "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=800801",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=800801"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-04.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
            },
            {
              "name": "35163",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35163"
            },
            {
              "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=909609",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=909609"
            },
            {
              "name": "ADV-2009-0098",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/0098"
            },
            {
              "name": "ADV-2008-3001",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/3001"
            },
            {
              "name": "1021140",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1021140"
            },
            {
              "name": "249366",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://download.oracle.com/sunalerts/1019937.1.html"
            },
            {
              "name": "acrobatreader-pdf-dos(42886)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42886"
            },
            {
              "name": "5687",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/5687"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-09-29T01:31Z",
      "publishedDate": "2008-06-04T19:32Z"
    }
  }
}

FKIE_CVE-2008-2549

Vulnerability from fkie_nvd - Published: 2008-06-04 19:32 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://download.oracle.com/sunalerts/1019937.1.html
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
cve@mitre.org	http://secunia.com/advisories/32700
cve@mitre.org	http://secunia.com/advisories/32872
cve@mitre.org	http://secunia.com/advisories/35163
cve@mitre.org	http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801
cve@mitre.org	http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=909609
cve@mitre.org	http://www.adobe.com/support/security/bulletins/apsb08-19.html
cve@mitre.org	http://www.adobe.com/support/security/bulletins/apsb09-04.html
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2008-0974.html
cve@mitre.org	http://www.securityfocus.com/bid/29420
cve@mitre.org	http://www.securitytracker.com/id?1021140
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA08-309A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2008/3001
cve@mitre.org	http://www.vupen.com/english/advisories/2009/0098
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/42886
cve@mitre.org	https://www.exploit-db.com/exploits/5687
af854a3a-2127-422b-91ae-364da2661108	http://download.oracle.com/sunalerts/1019937.1.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32700
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32872
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35163
af854a3a-2127-422b-91ae-364da2661108	http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801
af854a3a-2127-422b-91ae-364da2661108	http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=909609
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb08-19.html
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb09-04.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0974.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/29420
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1021140
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA08-309A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/3001
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0098
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/42886
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/5687

Impacted products

Vendor	Product	Version
adobe	acrobat_reader	*
adobe	acrobat_reader	3.0
adobe	acrobat_reader	4.0
adobe	acrobat_reader	4.0.5
adobe	acrobat_reader	4.5
adobe	acrobat_reader	5.0
adobe	acrobat_reader	5.0.5
adobe	acrobat_reader	5.0.6
adobe	acrobat_reader	5.0.7
adobe	acrobat_reader	5.0.9
adobe	acrobat_reader	5.0.10
adobe	acrobat_reader	5.0.11
adobe	acrobat_reader	5.1
adobe	acrobat_reader	6.0
adobe	acrobat_reader	6.0.1
adobe	acrobat_reader	6.0.2
adobe	acrobat_reader	6.0.3
adobe	acrobat_reader	6.0.4
adobe	acrobat_reader	6.0.5
adobe	acrobat_reader	7.0
adobe	acrobat_reader	7.0.1
adobe	acrobat_reader	7.0.2
adobe	acrobat_reader	7.0.3
adobe	acrobat_reader	7.0.4
adobe	acrobat_reader	7.0.5
adobe	acrobat_reader	7.0.6
adobe	acrobat_reader	7.0.7
adobe	acrobat_reader	7.0.8
adobe	acrobat_reader	7.0.9
adobe	acrobat_reader	8.0
adobe	acrobat_reader	8.1
adobe	acrobat_reader	8.1.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B696DE60-BE96-4590-A903-AB792881A38A",
              "versionEndIncluding": "8.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1C92642-7C8D-411A-8726-06A8A6483D65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F509566A-6D4A-40C0-8A16-F8765C5DCAAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "707D7124-6063-4510-80B4-AD9675996F67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AED985D-60D7-489E-9F1E-CE3C9D985B7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F0FCA2F-FD7F-4CE5-9D45-324A7EC45105",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF7EAA22-CED2-4379-9465-9562BACB1C20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "35B1CA6B-600C-4E03-B4D5-3D7E1BC4D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7AA1BA3-9FFA-46AB-A92A-7247D5F7EA06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F5F7424-1E19-4078-8908-CD86A0185042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2402B40-6B72-48B5-A376-DA8D16CA43FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:5.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D968113-340A-4E5A-B4FD-D9702D49E3DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACF742B8-5F7A-487B-835C-756B1BB392F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0BB7C0C-B1D6-4733-BA91-022A1A7FB2E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B131DB8-4B6A-4AF2-8D5E-B5EA1AEBFB3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B9351C2-16ED-4766-B417-8DB3A8766C2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "74667860-0047-40AD-9468-860591BA9D17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DEA092A-5532-4DCC-B43D-7A8ECF07FA4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9628AFF9-6EE1-4E85-858F-AE96EE64B7F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E2D0266-6954-4DBA-9EEE-8BF73B39DD61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "24262AFA-2EC8-479E-8922-36DB4243E404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E62096-08B2-4722-A492-11E9A441E85B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5370AC6-90EE-48EA-8DBD-54002B102F7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36D10A8-D211-437D-98D8-9029D0A9CF8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA55D00C-3629-48E4-8699-F62B8D703E02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EE5E1B7-7B91-4AE1-92AA-4F1763E1BA1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "623324C2-C8B5-4C3C-9C10-9677D5A6740A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EAF5E3-F3B4-4AD3-B5F1-281AB0F9C57F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "634396D6-4ED6-4F4D-9458-396373489589",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "996EB48E-D2A8-49E4-915A-EBDE26A9FB94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97E20936-EE31-4CEB-A710-3165A28BAD69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BD9952C-A1D0-4DFB-A292-9B86D7EAE5FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf."
    },
    {
      "lang": "es",
      "value": "Adobe Acrobat Reader 8.1.2 y versiones anteriores, permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) y posiblemente la ejecuci\u00f3n arbitraria de c\u00f3digo a trav\u00e9s de un documento PDF mal formado, como se ha demostrado por 2008-HI2.pdf."
    }
  ],
  "id": "CVE-2008-2549",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-06-04T19:32:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://download.oracle.com/sunalerts/1019937.1.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/32700"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/32872"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35163"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=800801"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=909609"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.adobe.com/support/security/bulletins/apsb08-19.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0974.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/29420"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1021140"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-309A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/3001"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/0098"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42886"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/5687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://download.oracle.com/sunalerts/1019937.1.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32700"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32872"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35163"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=800801"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=909609"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.adobe.com/support/security/bulletins/apsb08-19.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0974.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/29420"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-309A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/3001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/0098"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42886"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/5687"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-6H86-QRJC-GVQ6

Vulnerability from github – Published: 2022-05-01 23:50 – Updated: 2022-05-01 23:50

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-2549"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-06-04T19:32:00Z",
    "severity": "MODERATE"
  },
  "details": "Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf.",
  "id": "GHSA-6h86-qrjc-gvq6",
  "modified": "2022-05-01T23:50:54Z",
  "published": "2022-05-01T23:50:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2549"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42886"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/5687"
    },
    {
      "type": "WEB",
      "url": "http://download.oracle.com/sunalerts/1019937.1.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32700"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32872"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35163"
    },
    {
      "type": "WEB",
      "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=800801"
    },
    {
      "type": "WEB",
      "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=909609"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb08-19.html"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0974.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/29420"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1021140"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-309A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/3001"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/0098"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2008-AVI-541

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités affectent les produits Adobe Acrobat et Adobe Reader permettant, entre autres, à une personne malveillante d'exécuter du code arbitraire à distance.

Description

De multiples vulnérabilités ont été découvertes dans Adobe Acrobat et Adobe Reader :

plusieurs erreurs dans la validation des données permettent une exécution, locale ou à distance, de code arbitraire ;
deux erreurs dans le traitement de certaines données par le gestionnaire de téléchargement d'Adobe Reader permettent de modifier les options de sécurité de l'utilisateur pendant le processus de téléchargement ;
une erreur dans la traitement de données par une méthode JavaScript permet une exécution de code arbitraire à distance ;
une vulnérabilité non documentée permet une élévation de privilèges ;
une vulnérabilité permet un déni de service via un document PDF spécialement conçu.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	Acrobat	Adobe Reader 8.x.
Adobe	Acrobat	Adobe Acrobat 3D 3.x ;
Adobe	Acrobat	Adobe Acrobat 8.x ;
Adobe	Acrobat	Adobe Acrobat 8 Professional ;

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe apsb08-19 du 4 novembre 2008	None	vendor-advisory
Bulletin de sécurité Adobe apsb08-19 du 04 novembre 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Reader 8.x.",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Acrobat 3D 3.x ;",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Acrobat 8.x ;",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Acrobat 8 Professional ;",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Adobe Acrobat et\nAdobe Reader :\n\n-   plusieurs erreurs dans la validation des donn\u00e9es permettent une\n    ex\u00e9cution, locale ou \u00e0 distance, de code arbitraire ;\n-   deux erreurs dans le traitement de certaines donn\u00e9es par le\n    gestionnaire de t\u00e9l\u00e9chargement d\u0027Adobe Reader permettent de modifier\n    les options de s\u00e9curit\u00e9 de l\u0027utilisateur pendant le processus de\n    t\u00e9l\u00e9chargement ;\n-   une erreur dans la traitement de donn\u00e9es par une m\u00e9thode JavaScript\n    permet une ex\u00e9cution de code arbitraire \u00e0 distance ;\n-   une vuln\u00e9rabilit\u00e9 non document\u00e9e permet une \u00e9l\u00e9vation de privil\u00e8ges\n    ;\n-   une vuln\u00e9rabilit\u00e9 permet un d\u00e9ni de service via un document PDF\n    sp\u00e9cialement con\u00e7u.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-4814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4814"
    },
    {
      "name": "CVE-2008-4817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4817"
    },
    {
      "name": "CVE-2008-4816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4816"
    },
    {
      "name": "CVE-2008-4815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4815"
    },
    {
      "name": "CVE-2008-2549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2549"
    },
    {
      "name": "CVE-2008-2992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2992"
    },
    {
      "name": "CVE-2008-4812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4812"
    },
    {
      "name": "CVE-2008-4813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4813"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb08-19 du 04 novembre 2008 :",
      "url": "http://www.adobe.com/support/security/bulletins/apsb08-19.html"
    }
  ],
  "reference": "CERTA-2008-AVI-541",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-11-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectent les produits Adobe Acrobat et Adobe\nReader permettant, entre autres, \u00e0 une personne malveillante d\u0027ex\u00e9cuter\ndu code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Acrobat et Adobe Reader",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb08-19 du 4 novembre 2008",
      "url": null
    }
  ]
}

CERTA-2008-AVI-541

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités affectent les produits Adobe Acrobat et Adobe Reader permettant, entre autres, à une personne malveillante d'exécuter du code arbitraire à distance.

Description

De multiples vulnérabilités ont été découvertes dans Adobe Acrobat et Adobe Reader :

plusieurs erreurs dans la validation des données permettent une exécution, locale ou à distance, de code arbitraire ;
deux erreurs dans le traitement de certaines données par le gestionnaire de téléchargement d'Adobe Reader permettent de modifier les options de sécurité de l'utilisateur pendant le processus de téléchargement ;
une erreur dans la traitement de données par une méthode JavaScript permet une exécution de code arbitraire à distance ;
une vulnérabilité non documentée permet une élévation de privilèges ;
une vulnérabilité permet un déni de service via un document PDF spécialement conçu.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	Acrobat	Adobe Reader 8.x.
Adobe	Acrobat	Adobe Acrobat 3D 3.x ;
Adobe	Acrobat	Adobe Acrobat 8.x ;
Adobe	Acrobat	Adobe Acrobat 8 Professional ;

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe apsb08-19 du 4 novembre 2008	None	vendor-advisory
Bulletin de sécurité Adobe apsb08-19 du 04 novembre 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Reader 8.x.",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Acrobat 3D 3.x ;",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Acrobat 8.x ;",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Acrobat 8 Professional ;",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Adobe Acrobat et\nAdobe Reader :\n\n-   plusieurs erreurs dans la validation des donn\u00e9es permettent une\n    ex\u00e9cution, locale ou \u00e0 distance, de code arbitraire ;\n-   deux erreurs dans le traitement de certaines donn\u00e9es par le\n    gestionnaire de t\u00e9l\u00e9chargement d\u0027Adobe Reader permettent de modifier\n    les options de s\u00e9curit\u00e9 de l\u0027utilisateur pendant le processus de\n    t\u00e9l\u00e9chargement ;\n-   une erreur dans la traitement de donn\u00e9es par une m\u00e9thode JavaScript\n    permet une ex\u00e9cution de code arbitraire \u00e0 distance ;\n-   une vuln\u00e9rabilit\u00e9 non document\u00e9e permet une \u00e9l\u00e9vation de privil\u00e8ges\n    ;\n-   une vuln\u00e9rabilit\u00e9 permet un d\u00e9ni de service via un document PDF\n    sp\u00e9cialement con\u00e7u.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-4814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4814"
    },
    {
      "name": "CVE-2008-4817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4817"
    },
    {
      "name": "CVE-2008-4816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4816"
    },
    {
      "name": "CVE-2008-4815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4815"
    },
    {
      "name": "CVE-2008-2549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2549"
    },
    {
      "name": "CVE-2008-2992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2992"
    },
    {
      "name": "CVE-2008-4812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4812"
    },
    {
      "name": "CVE-2008-4813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4813"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb08-19 du 04 novembre 2008 :",
      "url": "http://www.adobe.com/support/security/bulletins/apsb08-19.html"
    }
  ],
  "reference": "CERTA-2008-AVI-541",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-11-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectent les produits Adobe Acrobat et Adobe\nReader permettant, entre autres, \u00e0 une personne malveillante d\u0027ex\u00e9cuter\ndu code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Acrobat et Adobe Reader",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb08-19 du 4 novembre 2008",
      "url": null
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-2549 (GCVE-0-2008-2549)

RHSA-2008:0974

RHSA-2008_0974

GSD-2008-2549

FKIE_CVE-2008-2549

GHSA-6H86-QRJC-GVQ6

CERTA-2008-AVI-541

Description

Solution

CERTA-2008-AVI-541

Description

Solution

Tags

Sightings

Nomenclature