ID CVE-2007-5020
Summary Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted PDF file, related to the mailto: option and Internet Explorer 7 on Windows XP. NOTE: this information is based upon a vague pre-advisory by a reliable researcher.
References
Vulnerable Configurations
  • cpe:2.3:a:adobe:acrobat:8.1:*:windows:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat:8.1:*:windows:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:8.1:*:windows:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:8.1:*:windows:*:*:*:*:*
CVSS
Base: 9.3 (as of 15-10-2018 - 21:40)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bid 25748
bugtraq 20070920 0day: PDF pwns Windows
cert TA07-297B
confirm http://www.adobe.com/support/security/advisories/apsa07-04.html
misc http://www.gnucitizen.org/blog/0day-pdf-pwns-windows
sectrack 1018723
vupen ADV-2007-3392
xf adobe-unspecified-pdf-code-execution(36722)
statements via4
contributor Mark J Cox
lastmodified 2007-10-08
organization Red Hat
statement According to Abobe this issue affects only the Windows platform and therefore does not affect Adobe Acrobat Reader as distributed with Red Hat Enterprise Linux Extras. http://www.adobe.com/support/security/advisories/apsa07-04.html
Last major update 15-10-2018 - 21:40
Published 21-09-2007 - 18:17
Back to Top