FKIE_CVE-2008-5409

Vulnerability from fkie_nvd - Published: 2008-12-10 06:44 - Updated: 2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Free Edition 10 and Antivirus Standard 10, (2) BullGuard Internet Security 8.5, and (3) Software602 Groupware Server 6.0.08.1118 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, possibly related to included compressed streams that were processed with the ASCIIHexDecode filter. NOTE: some of these details are obtained from third party information.
References
cve@mitre.orghttp://milw0rm.com/sploits/2008-BitDefenderDOS.zip
cve@mitre.orghttp://osvdb.org/50010
cve@mitre.orghttp://osvdb.org/50103
cve@mitre.orghttp://osvdb.org/50205
cve@mitre.orghttp://secunia.com/advisories/27805Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/32789Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/32814Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/32396Exploit
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/46750
cve@mitre.orghttps://www.exploit-db.com/exploits/7178
af854a3a-2127-422b-91ae-364da2661108http://milw0rm.com/sploits/2008-BitDefenderDOS.zip
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/50010
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/50103
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/50205
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27805Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32789Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32814Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/32396Exploit
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/46750
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/7178
Impacted products
Vendor Product Version
bitdefender antivirus 10
bitdefender bitdefender 10
bullguard internet_security 8.5
software602 groupware_server 6.0.08.1118
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:bitdefender:antivirus:10:_nil_:standard:*:*:*:*:*",
              "matchCriteriaId": "99345132-856D-4E53-AE8F-101308FCC42E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bitdefender:bitdefender:10:_nil_:free_edition:*:*:*:*:*",
              "matchCriteriaId": "62BA09A9-6D2C-4C35-BB3E-B517BCC9B6D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bullguard:internet_security:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B4BB76-CF3D-45E6-BB29-F4BBB547C7E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:software602:groupware_server:6.0.08.1118:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8EE9C8A-9417-4A5A-90A0-5F6D8EB4370B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Free Edition 10 and Antivirus Standard 10, (2) BullGuard Internet Security 8.5, and (3) Software602 Groupware Server 6.0.08.1118 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, possibly related to included compressed streams that were processed with the ASCIIHexDecode filter.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad sin especificar en el m\u00f3dulo pdf.xmd en (1) BitDefender Free Edition 10 y Antivirus Standard 10, (2) BullGuard Internet Security v8.5, y (3) Software602 Groupware Server v6.0.08.1118, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo PDF manipulado, seguramente relacionado con la inclusi\u00f3n de flujos comprimidos que son procesados con el filtro ASCIIHexDecode. NOTA: algunos de \u00e9stos detalles han sido obtenidos a partir de terceros."
    }
  ],
  "id": "CVE-2008-5409",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-12-10T06:44:42.423",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://milw0rm.com/sploits/2008-BitDefenderDOS.zip"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/50010"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/50103"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/50205"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27805"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32789"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32814"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/32396"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46750"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/7178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://milw0rm.com/sploits/2008-BitDefenderDOS.zip"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/50010"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/50103"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/50205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27805"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32814"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/32396"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46750"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/7178"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.