Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2008-4814 (GCVE-0-2008-4814)
Vulnerability from cvelistv5
Published
2008-11-05 14:51
Modified
2024-08-07 10:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an "input validation issue."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:31:27.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32700",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32700"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
},
{
"name": "32100",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32100"
},
{
"name": "249366",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://download.oracle.com/sunalerts/1019937.1.html"
},
{
"name": "32872",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32872"
},
{
"name": "adobe-javascript-code-execution1(46334)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46334"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb08-19.html"
},
{
"name": "ADV-2009-0098",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0098"
},
{
"name": "TA08-309A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-309A.html"
},
{
"name": "1021140",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021140"
},
{
"name": "ADV-2008-3001",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3001"
},
{
"name": "SUSE-SR:2008:026",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.skyrecon.com/index.php?option=com_content\u0026task=view\u0026id=302\u0026Itemid=124"
},
{
"name": "RHSA-2008:0974",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0974.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an \"input validation issue.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32700",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32700"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
},
{
"name": "32100",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32100"
},
{
"name": "249366",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://download.oracle.com/sunalerts/1019937.1.html"
},
{
"name": "32872",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32872"
},
{
"name": "adobe-javascript-code-execution1(46334)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46334"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb08-19.html"
},
{
"name": "ADV-2009-0098",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0098"
},
{
"name": "TA08-309A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-309A.html"
},
{
"name": "1021140",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021140"
},
{
"name": "ADV-2008-3001",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3001"
},
{
"name": "SUSE-SR:2008:026",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.skyrecon.com/index.php?option=com_content\u0026task=view\u0026id=302\u0026Itemid=124"
},
{
"name": "RHSA-2008:0974",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0974.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4814",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an \"input validation issue.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32700",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32700"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-04.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
},
{
"name": "32100",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32100"
},
{
"name": "249366",
"refsource": "SUNALERT",
"url": "http://download.oracle.com/sunalerts/1019937.1.html"
},
{
"name": "32872",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32872"
},
{
"name": "adobe-javascript-code-execution1(46334)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46334"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb08-19.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb08-19.html"
},
{
"name": "ADV-2009-0098",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0098"
},
{
"name": "TA08-309A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-309A.html"
},
{
"name": "1021140",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021140"
},
{
"name": "ADV-2008-3001",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3001"
},
{
"name": "SUSE-SR:2008:026",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
},
{
"name": "http://www.skyrecon.com/index.php?option=com_content\u0026task=view\u0026id=302\u0026Itemid=124",
"refsource": "MISC",
"url": "http://www.skyrecon.com/index.php?option=com_content\u0026task=view\u0026id=302\u0026Itemid=124"
},
{
"name": "RHSA-2008:0974",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0974.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4814",
"datePublished": "2008-11-05T14:51:00",
"dateReserved": "2008-10-31T00:00:00",
"dateUpdated": "2024-08-07T10:31:27.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2008-4814\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-11-05T15:00:14.523\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an \\\"input validation issue.\\\"\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en un m\u00e9todo JavaScript en Adobe Reader y Acrobat 8.1.2 y anteriores permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores desconocidos. Est\u00e9 relacionado con un \\\"tema de validaci\u00f3n de entrada\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:*:unknown:3d:*:*:*:*:*\",\"versionEndIncluding\":\"8.1.2\",\"matchCriteriaId\":\"E3E09C95-5726-486C-86C6-F1E98D281DDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:*:unknown:professional:*:*:*:*:*\",\"versionEndIncluding\":\"8.1.2\",\"matchCriteriaId\":\"FF117631-0095-4139-AFAC-D2C9050674AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:*:unknown:standard:*:*:*:*:*\",\"versionEndIncluding\":\"8.1.2\",\"matchCriteriaId\":\"3AA6AB66-8399-41E9-9688-7EEC083AFEBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8665E53-EC1E-4B95-9064-2565BC12113E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.1.1:unknown:3d:*:*:*:*:*\",\"matchCriteriaId\":\"C05B37C5-3043-4398-B009-7FFD5AF9D9FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.1.1:unknown:professional:*:*:*:*:*\",\"matchCriteriaId\":\"73AE4111-A2AD-41A6-9F74-6C5DCBAD7B4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.1.1:unknown:standard:*:*:*:*:*\",\"matchCriteriaId\":\"A72B429E-3C05-49A2-8097-72D968473B3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.0\",\"matchCriteriaId\":\"612599DD-94C9-4ECF-8986-C3BF355779B4\"}]}]}],\"references\":[{\"url\":\"http://download.oracle.com/sunalerts/1019937.1.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/32700\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/32872\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb08-19.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb09-04.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0974.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/32100\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1021140\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.skyrecon.com/index.php?option=com_content\u0026task=view\u0026id=302\u0026Itemid=124\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-309A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/3001\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0098\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/46334\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://download.oracle.com/sunalerts/1019937.1.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/32700\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/32872\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb08-19.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb09-04.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0974.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/32100\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1021140\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.skyrecon.com/index.php?option=com_content\u0026task=view\u0026id=302\u0026Itemid=124\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-309A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/3001\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0098\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/46334\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
ghsa-3543-r684-9c6x
Vulnerability from github
Published
2022-05-14 02:16
Modified
2022-05-14 02:16
VLAI Severity ?
Details
Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an "input validation issue."
{
"affected": [],
"aliases": [
"CVE-2008-4814"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-11-05T15:00:00Z",
"severity": "HIGH"
},
"details": "Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an \"input validation issue.\"",
"id": "GHSA-3543-r684-9c6x",
"modified": "2022-05-14T02:16:57Z",
"published": "2022-05-14T02:16:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4814"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46334"
},
{
"type": "WEB",
"url": "http://download.oracle.com/sunalerts/1019937.1.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/32700"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/32872"
},
{
"type": "WEB",
"url": "http://www.adobe.com/support/security/bulletins/apsb08-19.html"
},
{
"type": "WEB",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0974.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/32100"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1021140"
},
{
"type": "WEB",
"url": "http://www.skyrecon.com/index.php?option=com_content\u0026task=view\u0026id=302\u0026Itemid=124"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-309A.html"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/3001"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2009/0098"
}
],
"schema_version": "1.4.0",
"severity": []
}
gsd-2008-4814
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an "input validation issue."
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2008-4814",
"description": "Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an \"input validation issue.\"",
"id": "GSD-2008-4814",
"references": [
"https://www.suse.com/security/cve/CVE-2008-4814.html",
"https://access.redhat.com/errata/RHSA-2008:0974"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2008-4814"
],
"details": "Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an \"input validation issue.\"",
"id": "GSD-2008-4814",
"modified": "2023-12-13T01:22:59.660316Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4814",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an \"input validation issue.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32700",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32700"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-04.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
},
{
"name": "32100",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32100"
},
{
"name": "249366",
"refsource": "SUNALERT",
"url": "http://download.oracle.com/sunalerts/1019937.1.html"
},
{
"name": "32872",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32872"
},
{
"name": "adobe-javascript-code-execution1(46334)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46334"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb08-19.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb08-19.html"
},
{
"name": "ADV-2009-0098",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0098"
},
{
"name": "TA08-309A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-309A.html"
},
{
"name": "1021140",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021140"
},
{
"name": "ADV-2008-3001",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3001"
},
{
"name": "SUSE-SR:2008:026",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
},
{
"name": "http://www.skyrecon.com/index.php?option=com_content\u0026task=view\u0026id=302\u0026Itemid=124",
"refsource": "MISC",
"url": "http://www.skyrecon.com/index.php?option=com_content\u0026task=view\u0026id=302\u0026Itemid=124"
},
{
"name": "RHSA-2008:0974",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0974.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:*:unknown:professional:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.1.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.1:unknown:professional:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:*:unknown:3d:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.1.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:*:unknown:standard:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.1.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.1:unknown:standard:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.1:unknown:3d:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4814"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an \"input validation issue.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adobe.com/support/security/bulletins/apsb08-19.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb08-19.html"
},
{
"name": "http://www.skyrecon.com/index.php?option=com_content\u0026task=view\u0026id=302\u0026Itemid=124",
"refsource": "MISC",
"tags": [],
"url": "http://www.skyrecon.com/index.php?option=com_content\u0026task=view\u0026id=302\u0026Itemid=124"
},
{
"name": "32100",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/32100"
},
{
"name": "SUSE-SR:2008:026",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
},
{
"name": "32872",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/32872"
},
{
"name": "TA08-309A",
"refsource": "CERT",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-309A.html"
},
{
"name": "RHSA-2008:0974",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0974.html"
},
{
"name": "32700",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/32700"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-04.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
},
{
"name": "ADV-2009-0098",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2009/0098"
},
{
"name": "ADV-2008-3001",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2008/3001"
},
{
"name": "1021140",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id?1021140"
},
{
"name": "249366",
"refsource": "SUNALERT",
"tags": [],
"url": "http://download.oracle.com/sunalerts/1019937.1.html"
},
{
"name": "adobe-javascript-code-execution1(46334)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46334"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2018-10-30T16:25Z",
"publishedDate": "2008-11-05T15:00Z"
}
}
}
rhsa-2008_0974
Vulnerability from csaf_redhat
Published
2008-11-12 17:26
Modified
2024-11-14 10:06
Summary
Red Hat Security Advisory: acroread security update
Notes
Topic
Updated acroread packages that fix various security issues are now
available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4
Extras, and Red Hat Enterprise Linux 5 Supplementary.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details
Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).
Several input validation flaws were discovered in Adobe Reader. A malicious
PDF file could cause Adobe Reader to crash or, potentially, execute
arbitrary code as the user running Adobe Reader. (CVE-2008-2549,
CVE-2008-2992, CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4817)
The Adobe Reader binary had an insecure relative RPATH (runtime library
search path) set in the ELF (Executable and Linking Format) header. A local
attacker able to convince another user to run Adobe Reader in an
attacker-controlled directory could run arbitrary code with the privileges
of the victim. (CVE-2008-4815)
All acroread users are advised to upgrade to these updated packages, that
contain Adobe Reader version 8.1.3, and are not vulnerable to these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated acroread packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4\nExtras, and Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nSeveral input validation flaws were discovered in Adobe Reader. A malicious\nPDF file could cause Adobe Reader to crash or, potentially, execute\narbitrary code as the user running Adobe Reader. (CVE-2008-2549,\nCVE-2008-2992, CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4817)\n\nThe Adobe Reader binary had an insecure relative RPATH (runtime library\nsearch path) set in the ELF (Executable and Linking Format) header. A local\nattacker able to convince another user to run Adobe Reader in an\nattacker-controlled directory could run arbitrary code with the privileges\nof the victim. (CVE-2008-4815)\n\nAll acroread users are advised to upgrade to these updated packages, that\ncontain Adobe Reader version 8.1.3, and are not vulnerable to these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:0974",
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
},
{
"category": "external",
"summary": "http://www.redhat.com/security/updates/classification/#critical",
"url": "http://www.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "450078",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=450078"
},
{
"category": "external",
"summary": "469875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469875"
},
{
"category": "external",
"summary": "469876",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469876"
},
{
"category": "external",
"summary": "469877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469877"
},
{
"category": "external",
"summary": "469880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469880"
},
{
"category": "external",
"summary": "469882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469882"
},
{
"category": "external",
"summary": "469923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469923"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0974.json"
}
],
"title": "Red Hat Security Advisory: acroread security update",
"tracking": {
"current_release_date": "2024-11-14T10:06:43+00:00",
"generator": {
"date": "2024-11-14T10:06:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.0"
}
},
"id": "RHSA-2008:0974",
"initial_release_date": "2008-11-12T17:26:00+00:00",
"revision_history": [
{
"date": "2008-11-12T17:26:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-11-12T12:26:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T10:06:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 4 Extras",
"product": {
"name": "Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 3 Extras",
"product_id": "3AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 3 Extras",
"product": {
"name": "Red Hat Desktop version 3 Extras",
"product_id": "3Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 3 Extras",
"product_id": "3ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 3 Extras",
"product_id": "3WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "acroread-0:8.1.3-1.el5.i386",
"product": {
"name": "acroread-0:8.1.3-1.el5.i386",
"product_id": "acroread-0:8.1.3-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@8.1.3-1.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:8.1.3-1.el5.i386",
"product": {
"name": "acroread-plugin-0:8.1.3-1.el5.i386",
"product_id": "acroread-plugin-0:8.1.3-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@8.1.3-1.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:8.1.3-1.el4.i386",
"product": {
"name": "acroread-0:8.1.3-1.el4.i386",
"product_id": "acroread-0:8.1.3-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@8.1.3-1.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:8.1.3-1.el4.i386",
"product": {
"name": "acroread-plugin-0:8.1.3-1.el4.i386",
"product_id": "acroread-plugin-0:8.1.3-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@8.1.3-1.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:8.1.3-1.i386",
"product": {
"name": "acroread-plugin-0:8.1.3-1.i386",
"product_id": "acroread-plugin-0:8.1.3-1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@8.1.3-1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:8.1.3-1.i386",
"product": {
"name": "acroread-0:8.1.3-1.i386",
"product_id": "acroread-0:8.1.3-1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@8.1.3-1?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
"product_id": "3AS-LACD:acroread-0:8.1.3-1.i386"
},
"product_reference": "acroread-0:8.1.3-1.i386",
"relates_to_product_reference": "3AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
"product_id": "3AS-LACD:acroread-plugin-0:8.1.3-1.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.i386",
"relates_to_product_reference": "3AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Desktop version 3 Extras",
"product_id": "3Desktop-LACD:acroread-0:8.1.3-1.i386"
},
"product_reference": "acroread-0:8.1.3-1.i386",
"relates_to_product_reference": "3Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Desktop version 3 Extras",
"product_id": "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.i386",
"relates_to_product_reference": "3Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
"product_id": "3ES-LACD:acroread-0:8.1.3-1.i386"
},
"product_reference": "acroread-0:8.1.3-1.i386",
"relates_to_product_reference": "3ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
"product_id": "3ES-LACD:acroread-plugin-0:8.1.3-1.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.i386",
"relates_to_product_reference": "3ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
"product_id": "3WS-LACD:acroread-0:8.1.3-1.i386"
},
"product_reference": "acroread-0:8.1.3-1.i386",
"relates_to_product_reference": "3WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
"product_id": "3WS-LACD:acroread-plugin-0:8.1.3-1.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.i386",
"relates_to_product_reference": "3WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386"
},
"product_reference": "acroread-0:8.1.3-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386"
},
"product_reference": "acroread-0:8.1.3-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-2549",
"discovery_date": "2008-06-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "450078"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: crash and possible code execution",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2549"
},
{
"category": "external",
"summary": "RHBZ#450078",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=450078"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2549",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2549"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2549",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2549"
}
],
"release_date": "2008-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: crash and possible code execution"
},
{
"cve": "CVE-2008-2992",
"discovery_date": "2008-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "469877"
}
],
"notes": [
{
"category": "description",
"text": "Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Reader: JavaScript util.printf() function buffer overflow",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2992"
},
{
"category": "external",
"summary": "RHBZ#469877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469877"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2992",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2992"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2992",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2992"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2008-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-03T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "Reader: JavaScript util.printf() function buffer overflow"
},
{
"cve": "CVE-2008-4812",
"discovery_date": "2008-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "469875"
}
],
"notes": [
{
"category": "description",
"text": "Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Reader: embedded font handling out-of-bounds array indexing",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4812"
},
{
"category": "external",
"summary": "RHBZ#469875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469875"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4812",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4812"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4812",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4812"
}
],
"release_date": "2008-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Reader: embedded font handling out-of-bounds array indexing"
},
{
"cve": "CVE-2008-4813",
"discovery_date": "2008-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "469876"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow remote attackers to execute arbitrary code via a crafted PDF document that (1) performs unspecified actions on a Collab object that trigger memory corruption, related to a GetCosObj method; or (2) contains a malformed PDF object that triggers memory corruption during parsing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Reader: PDF objects parsing and JavaScript getCosObj handling memory corruption flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4813"
},
{
"category": "external",
"summary": "RHBZ#469876",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469876"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4813",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4813"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4813"
}
],
"release_date": "2008-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Reader: PDF objects parsing and JavaScript getCosObj handling memory corruption flaw"
},
{
"cve": "CVE-2008-4814",
"discovery_date": "2008-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "469880"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an \"input validation issue.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Reader: arbitrary code execution via unspecified JavaScript method",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4814"
},
{
"category": "external",
"summary": "RHBZ#469880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469880"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4814",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4814"
}
],
"release_date": "2008-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Reader: arbitrary code execution via unspecified JavaScript method"
},
{
"cve": "CVE-2008-4815",
"discovery_date": "2008-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "469882"
}
],
"notes": [
{
"category": "description",
"text": "Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Reader: insecure RPATH flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4815"
},
{
"category": "external",
"summary": "RHBZ#469882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469882"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4815",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4815"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4815",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4815"
}
],
"release_date": "2008-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Reader: insecure RPATH flaw"
},
{
"cve": "CVE-2008-4817",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2008-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "469923"
}
],
"notes": [
{
"category": "description",
"text": "The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Reader: Download Manager input validation flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4817"
},
{
"category": "external",
"summary": "RHBZ#469923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469923"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4817",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4817"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4817",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4817"
}
],
"release_date": "2008-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Reader: Download Manager input validation flaw"
},
{
"cve": "CVE-2009-0927",
"discovery_date": "2009-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618340"
}
],
"notes": [
{
"category": "description",
"text": "Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0927"
},
{
"category": "external",
"summary": "RHBZ#1618340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0927",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0927"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0927",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0927"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2009-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "security flaw"
}
]
}
rhsa-2008:0974
Vulnerability from csaf_redhat
Published
2008-11-12 17:26
Modified
2025-11-08 03:24
Summary
Red Hat Security Advisory: acroread security update
Notes
Topic
Updated acroread packages that fix various security issues are now
available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4
Extras, and Red Hat Enterprise Linux 5 Supplementary.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details
Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).
Several input validation flaws were discovered in Adobe Reader. A malicious
PDF file could cause Adobe Reader to crash or, potentially, execute
arbitrary code as the user running Adobe Reader. (CVE-2008-2549,
CVE-2008-2992, CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4817)
The Adobe Reader binary had an insecure relative RPATH (runtime library
search path) set in the ELF (Executable and Linking Format) header. A local
attacker able to convince another user to run Adobe Reader in an
attacker-controlled directory could run arbitrary code with the privileges
of the victim. (CVE-2008-4815)
All acroread users are advised to upgrade to these updated packages, that
contain Adobe Reader version 8.1.3, and are not vulnerable to these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated acroread packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4\nExtras, and Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nSeveral input validation flaws were discovered in Adobe Reader. A malicious\nPDF file could cause Adobe Reader to crash or, potentially, execute\narbitrary code as the user running Adobe Reader. (CVE-2008-2549,\nCVE-2008-2992, CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4817)\n\nThe Adobe Reader binary had an insecure relative RPATH (runtime library\nsearch path) set in the ELF (Executable and Linking Format) header. A local\nattacker able to convince another user to run Adobe Reader in an\nattacker-controlled directory could run arbitrary code with the privileges\nof the victim. (CVE-2008-4815)\n\nAll acroread users are advised to upgrade to these updated packages, that\ncontain Adobe Reader version 8.1.3, and are not vulnerable to these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:0974",
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
},
{
"category": "external",
"summary": "http://www.redhat.com/security/updates/classification/#critical",
"url": "http://www.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "450078",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=450078"
},
{
"category": "external",
"summary": "469875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469875"
},
{
"category": "external",
"summary": "469876",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469876"
},
{
"category": "external",
"summary": "469877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469877"
},
{
"category": "external",
"summary": "469880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469880"
},
{
"category": "external",
"summary": "469882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469882"
},
{
"category": "external",
"summary": "469923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469923"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0974.json"
}
],
"title": "Red Hat Security Advisory: acroread security update",
"tracking": {
"current_release_date": "2025-11-08T03:24:02+00:00",
"generator": {
"date": "2025-11-08T03:24:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2008:0974",
"initial_release_date": "2008-11-12T17:26:00+00:00",
"revision_history": [
{
"date": "2008-11-12T17:26:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-11-12T12:26:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-08T03:24:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 4 Extras",
"product": {
"name": "Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 3 Extras",
"product_id": "3AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 3 Extras",
"product": {
"name": "Red Hat Desktop version 3 Extras",
"product_id": "3Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 3 Extras",
"product_id": "3ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 3 Extras",
"product_id": "3WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "acroread-0:8.1.3-1.el5.i386",
"product": {
"name": "acroread-0:8.1.3-1.el5.i386",
"product_id": "acroread-0:8.1.3-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@8.1.3-1.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:8.1.3-1.el5.i386",
"product": {
"name": "acroread-plugin-0:8.1.3-1.el5.i386",
"product_id": "acroread-plugin-0:8.1.3-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@8.1.3-1.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:8.1.3-1.el4.i386",
"product": {
"name": "acroread-0:8.1.3-1.el4.i386",
"product_id": "acroread-0:8.1.3-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@8.1.3-1.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:8.1.3-1.el4.i386",
"product": {
"name": "acroread-plugin-0:8.1.3-1.el4.i386",
"product_id": "acroread-plugin-0:8.1.3-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@8.1.3-1.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:8.1.3-1.i386",
"product": {
"name": "acroread-plugin-0:8.1.3-1.i386",
"product_id": "acroread-plugin-0:8.1.3-1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@8.1.3-1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:8.1.3-1.i386",
"product": {
"name": "acroread-0:8.1.3-1.i386",
"product_id": "acroread-0:8.1.3-1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@8.1.3-1?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
"product_id": "3AS-LACD:acroread-0:8.1.3-1.i386"
},
"product_reference": "acroread-0:8.1.3-1.i386",
"relates_to_product_reference": "3AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
"product_id": "3AS-LACD:acroread-plugin-0:8.1.3-1.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.i386",
"relates_to_product_reference": "3AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Desktop version 3 Extras",
"product_id": "3Desktop-LACD:acroread-0:8.1.3-1.i386"
},
"product_reference": "acroread-0:8.1.3-1.i386",
"relates_to_product_reference": "3Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Desktop version 3 Extras",
"product_id": "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.i386",
"relates_to_product_reference": "3Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
"product_id": "3ES-LACD:acroread-0:8.1.3-1.i386"
},
"product_reference": "acroread-0:8.1.3-1.i386",
"relates_to_product_reference": "3ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
"product_id": "3ES-LACD:acroread-plugin-0:8.1.3-1.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.i386",
"relates_to_product_reference": "3ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
"product_id": "3WS-LACD:acroread-0:8.1.3-1.i386"
},
"product_reference": "acroread-0:8.1.3-1.i386",
"relates_to_product_reference": "3WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
"product_id": "3WS-LACD:acroread-plugin-0:8.1.3-1.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.i386",
"relates_to_product_reference": "3WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386"
},
"product_reference": "acroread-0:8.1.3-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386"
},
"product_reference": "acroread-0:8.1.3-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-2549",
"discovery_date": "2008-06-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "450078"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: crash and possible code execution",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2549"
},
{
"category": "external",
"summary": "RHBZ#450078",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=450078"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2549",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2549"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2549",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2549"
}
],
"release_date": "2008-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: crash and possible code execution"
},
{
"cve": "CVE-2008-2992",
"discovery_date": "2008-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "469877"
}
],
"notes": [
{
"category": "description",
"text": "Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Reader: JavaScript util.printf() function buffer overflow",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2992"
},
{
"category": "external",
"summary": "RHBZ#469877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469877"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2992",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2992"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2992",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2992"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2008-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-03T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "Reader: JavaScript util.printf() function buffer overflow"
},
{
"cve": "CVE-2008-4812",
"discovery_date": "2008-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "469875"
}
],
"notes": [
{
"category": "description",
"text": "Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Reader: embedded font handling out-of-bounds array indexing",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4812"
},
{
"category": "external",
"summary": "RHBZ#469875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469875"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4812",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4812"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4812",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4812"
}
],
"release_date": "2008-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Reader: embedded font handling out-of-bounds array indexing"
},
{
"cve": "CVE-2008-4813",
"discovery_date": "2008-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "469876"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow remote attackers to execute arbitrary code via a crafted PDF document that (1) performs unspecified actions on a Collab object that trigger memory corruption, related to a GetCosObj method; or (2) contains a malformed PDF object that triggers memory corruption during parsing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Reader: PDF objects parsing and JavaScript getCosObj handling memory corruption flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4813"
},
{
"category": "external",
"summary": "RHBZ#469876",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469876"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4813",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4813"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4813"
}
],
"release_date": "2008-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Reader: PDF objects parsing and JavaScript getCosObj handling memory corruption flaw"
},
{
"cve": "CVE-2008-4814",
"discovery_date": "2008-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "469880"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an \"input validation issue.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Reader: arbitrary code execution via unspecified JavaScript method",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4814"
},
{
"category": "external",
"summary": "RHBZ#469880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469880"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4814",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4814"
}
],
"release_date": "2008-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Reader: arbitrary code execution via unspecified JavaScript method"
},
{
"cve": "CVE-2008-4815",
"discovery_date": "2008-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "469882"
}
],
"notes": [
{
"category": "description",
"text": "Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Reader: insecure RPATH flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4815"
},
{
"category": "external",
"summary": "RHBZ#469882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469882"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4815",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4815"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4815",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4815"
}
],
"release_date": "2008-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Reader: insecure RPATH flaw"
},
{
"cve": "CVE-2008-4817",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2008-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "469923"
}
],
"notes": [
{
"category": "description",
"text": "The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Reader: Download Manager input validation flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4817"
},
{
"category": "external",
"summary": "RHBZ#469923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469923"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4817",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4817"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4817",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4817"
}
],
"release_date": "2008-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Reader: Download Manager input validation flaw"
},
{
"cve": "CVE-2009-0927",
"discovery_date": "2009-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618340"
}
],
"notes": [
{
"category": "description",
"text": "Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0927"
},
{
"category": "external",
"summary": "RHBZ#1618340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0927",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0927"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0927",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0927"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2009-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "security flaw"
}
]
}
RHSA-2008:0974
Vulnerability from csaf_redhat
Published
2008-11-12 17:26
Modified
2025-11-08 03:24
Summary
Red Hat Security Advisory: acroread security update
Notes
Topic
Updated acroread packages that fix various security issues are now
available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4
Extras, and Red Hat Enterprise Linux 5 Supplementary.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details
Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).
Several input validation flaws were discovered in Adobe Reader. A malicious
PDF file could cause Adobe Reader to crash or, potentially, execute
arbitrary code as the user running Adobe Reader. (CVE-2008-2549,
CVE-2008-2992, CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4817)
The Adobe Reader binary had an insecure relative RPATH (runtime library
search path) set in the ELF (Executable and Linking Format) header. A local
attacker able to convince another user to run Adobe Reader in an
attacker-controlled directory could run arbitrary code with the privileges
of the victim. (CVE-2008-4815)
All acroread users are advised to upgrade to these updated packages, that
contain Adobe Reader version 8.1.3, and are not vulnerable to these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated acroread packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4\nExtras, and Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nSeveral input validation flaws were discovered in Adobe Reader. A malicious\nPDF file could cause Adobe Reader to crash or, potentially, execute\narbitrary code as the user running Adobe Reader. (CVE-2008-2549,\nCVE-2008-2992, CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4817)\n\nThe Adobe Reader binary had an insecure relative RPATH (runtime library\nsearch path) set in the ELF (Executable and Linking Format) header. A local\nattacker able to convince another user to run Adobe Reader in an\nattacker-controlled directory could run arbitrary code with the privileges\nof the victim. (CVE-2008-4815)\n\nAll acroread users are advised to upgrade to these updated packages, that\ncontain Adobe Reader version 8.1.3, and are not vulnerable to these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:0974",
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
},
{
"category": "external",
"summary": "http://www.redhat.com/security/updates/classification/#critical",
"url": "http://www.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "450078",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=450078"
},
{
"category": "external",
"summary": "469875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469875"
},
{
"category": "external",
"summary": "469876",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469876"
},
{
"category": "external",
"summary": "469877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469877"
},
{
"category": "external",
"summary": "469880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469880"
},
{
"category": "external",
"summary": "469882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469882"
},
{
"category": "external",
"summary": "469923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469923"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0974.json"
}
],
"title": "Red Hat Security Advisory: acroread security update",
"tracking": {
"current_release_date": "2025-11-08T03:24:02+00:00",
"generator": {
"date": "2025-11-08T03:24:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2008:0974",
"initial_release_date": "2008-11-12T17:26:00+00:00",
"revision_history": [
{
"date": "2008-11-12T17:26:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-11-12T12:26:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-08T03:24:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 4 Extras",
"product": {
"name": "Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 3 Extras",
"product_id": "3AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 3 Extras",
"product": {
"name": "Red Hat Desktop version 3 Extras",
"product_id": "3Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 3 Extras",
"product_id": "3ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 3 Extras",
"product_id": "3WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "acroread-0:8.1.3-1.el5.i386",
"product": {
"name": "acroread-0:8.1.3-1.el5.i386",
"product_id": "acroread-0:8.1.3-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@8.1.3-1.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:8.1.3-1.el5.i386",
"product": {
"name": "acroread-plugin-0:8.1.3-1.el5.i386",
"product_id": "acroread-plugin-0:8.1.3-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@8.1.3-1.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:8.1.3-1.el4.i386",
"product": {
"name": "acroread-0:8.1.3-1.el4.i386",
"product_id": "acroread-0:8.1.3-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@8.1.3-1.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:8.1.3-1.el4.i386",
"product": {
"name": "acroread-plugin-0:8.1.3-1.el4.i386",
"product_id": "acroread-plugin-0:8.1.3-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@8.1.3-1.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:8.1.3-1.i386",
"product": {
"name": "acroread-plugin-0:8.1.3-1.i386",
"product_id": "acroread-plugin-0:8.1.3-1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@8.1.3-1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:8.1.3-1.i386",
"product": {
"name": "acroread-0:8.1.3-1.i386",
"product_id": "acroread-0:8.1.3-1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@8.1.3-1?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
"product_id": "3AS-LACD:acroread-0:8.1.3-1.i386"
},
"product_reference": "acroread-0:8.1.3-1.i386",
"relates_to_product_reference": "3AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
"product_id": "3AS-LACD:acroread-plugin-0:8.1.3-1.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.i386",
"relates_to_product_reference": "3AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Desktop version 3 Extras",
"product_id": "3Desktop-LACD:acroread-0:8.1.3-1.i386"
},
"product_reference": "acroread-0:8.1.3-1.i386",
"relates_to_product_reference": "3Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Desktop version 3 Extras",
"product_id": "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.i386",
"relates_to_product_reference": "3Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
"product_id": "3ES-LACD:acroread-0:8.1.3-1.i386"
},
"product_reference": "acroread-0:8.1.3-1.i386",
"relates_to_product_reference": "3ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
"product_id": "3ES-LACD:acroread-plugin-0:8.1.3-1.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.i386",
"relates_to_product_reference": "3ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
"product_id": "3WS-LACD:acroread-0:8.1.3-1.i386"
},
"product_reference": "acroread-0:8.1.3-1.i386",
"relates_to_product_reference": "3WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
"product_id": "3WS-LACD:acroread-plugin-0:8.1.3-1.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.i386",
"relates_to_product_reference": "3WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386"
},
"product_reference": "acroread-0:8.1.3-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386"
},
"product_reference": "acroread-0:8.1.3-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-2549",
"discovery_date": "2008-06-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "450078"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: crash and possible code execution",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2549"
},
{
"category": "external",
"summary": "RHBZ#450078",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=450078"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2549",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2549"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2549",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2549"
}
],
"release_date": "2008-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: crash and possible code execution"
},
{
"cve": "CVE-2008-2992",
"discovery_date": "2008-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "469877"
}
],
"notes": [
{
"category": "description",
"text": "Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Reader: JavaScript util.printf() function buffer overflow",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2992"
},
{
"category": "external",
"summary": "RHBZ#469877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469877"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2992",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2992"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2992",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2992"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2008-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-03T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "Reader: JavaScript util.printf() function buffer overflow"
},
{
"cve": "CVE-2008-4812",
"discovery_date": "2008-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "469875"
}
],
"notes": [
{
"category": "description",
"text": "Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Reader: embedded font handling out-of-bounds array indexing",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4812"
},
{
"category": "external",
"summary": "RHBZ#469875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469875"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4812",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4812"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4812",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4812"
}
],
"release_date": "2008-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Reader: embedded font handling out-of-bounds array indexing"
},
{
"cve": "CVE-2008-4813",
"discovery_date": "2008-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "469876"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow remote attackers to execute arbitrary code via a crafted PDF document that (1) performs unspecified actions on a Collab object that trigger memory corruption, related to a GetCosObj method; or (2) contains a malformed PDF object that triggers memory corruption during parsing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Reader: PDF objects parsing and JavaScript getCosObj handling memory corruption flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4813"
},
{
"category": "external",
"summary": "RHBZ#469876",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469876"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4813",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4813"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4813"
}
],
"release_date": "2008-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Reader: PDF objects parsing and JavaScript getCosObj handling memory corruption flaw"
},
{
"cve": "CVE-2008-4814",
"discovery_date": "2008-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "469880"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an \"input validation issue.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Reader: arbitrary code execution via unspecified JavaScript method",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4814"
},
{
"category": "external",
"summary": "RHBZ#469880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469880"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4814",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4814"
}
],
"release_date": "2008-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Reader: arbitrary code execution via unspecified JavaScript method"
},
{
"cve": "CVE-2008-4815",
"discovery_date": "2008-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "469882"
}
],
"notes": [
{
"category": "description",
"text": "Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Reader: insecure RPATH flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4815"
},
{
"category": "external",
"summary": "RHBZ#469882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469882"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4815",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4815"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4815",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4815"
}
],
"release_date": "2008-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Reader: insecure RPATH flaw"
},
{
"cve": "CVE-2008-4817",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2008-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "469923"
}
],
"notes": [
{
"category": "description",
"text": "The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Reader: Download Manager input validation flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4817"
},
{
"category": "external",
"summary": "RHBZ#469923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469923"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4817",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4817"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4817",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4817"
}
],
"release_date": "2008-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Reader: Download Manager input validation flaw"
},
{
"cve": "CVE-2009-0927",
"discovery_date": "2009-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618340"
}
],
"notes": [
{
"category": "description",
"text": "Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0927"
},
{
"category": "external",
"summary": "RHBZ#1618340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0927",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0927"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0927",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0927"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2009-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "security flaw"
}
]
}
fkie_cve-2008-4814
Vulnerability from fkie_nvd
Published
2008-11-05 15:00
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an "input validation issue."
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://download.oracle.com/sunalerts/1019937.1.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html | ||
| cve@mitre.org | http://secunia.com/advisories/32700 | ||
| cve@mitre.org | http://secunia.com/advisories/32872 | ||
| cve@mitre.org | http://www.adobe.com/support/security/bulletins/apsb08-19.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.adobe.com/support/security/bulletins/apsb09-04.html | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2008-0974.html | ||
| cve@mitre.org | http://www.securityfocus.com/bid/32100 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1021140 | ||
| cve@mitre.org | http://www.skyrecon.com/index.php?option=com_content&task=view&id=302&Itemid=124 | ||
| cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA08-309A.html | US Government Resource | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/3001 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/0098 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/46334 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://download.oracle.com/sunalerts/1019937.1.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32700 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32872 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.adobe.com/support/security/bulletins/apsb08-19.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.adobe.com/support/security/bulletins/apsb09-04.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2008-0974.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/32100 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1021140 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.skyrecon.com/index.php?option=com_content&task=view&id=302&Itemid=124 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA08-309A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/3001 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/0098 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/46334 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:acrobat:*:unknown:3d:*:*:*:*:*",
"matchCriteriaId": "E3E09C95-5726-486C-86C6-F1E98D281DDD",
"versionEndIncluding": "8.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:*:unknown:professional:*:*:*:*:*",
"matchCriteriaId": "FF117631-0095-4139-AFAC-D2C9050674AD",
"versionEndIncluding": "8.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:*:unknown:standard:*:*:*:*:*",
"matchCriteriaId": "3AA6AB66-8399-41E9-9688-7EEC083AFEBB",
"versionEndIncluding": "8.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C8665E53-EC1E-4B95-9064-2565BC12113E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:8.1.1:unknown:3d:*:*:*:*:*",
"matchCriteriaId": "C05B37C5-3043-4398-B009-7FFD5AF9D9FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:8.1.1:unknown:professional:*:*:*:*:*",
"matchCriteriaId": "73AE4111-A2AD-41A6-9F74-6C5DCBAD7B4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:8.1.1:unknown:standard:*:*:*:*:*",
"matchCriteriaId": "A72B429E-3C05-49A2-8097-72D968473B3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "612599DD-94C9-4ECF-8986-C3BF355779B4",
"versionEndIncluding": "8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an \"input validation issue.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en un m\u00e9todo JavaScript en Adobe Reader y Acrobat 8.1.2 y anteriores permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores desconocidos. Est\u00e9 relacionado con un \"tema de validaci\u00f3n de entrada\"."
}
],
"id": "CVE-2008-4814",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-11-05T15:00:14.523",
"references": [
{
"source": "cve@mitre.org",
"url": "http://download.oracle.com/sunalerts/1019937.1.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32700"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32872"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb08-19.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0974.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/32100"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021140"
},
{
"source": "cve@mitre.org",
"url": "http://www.skyrecon.com/index.php?option=com_content\u0026task=view\u0026id=302\u0026Itemid=124"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-309A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3001"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0098"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://download.oracle.com/sunalerts/1019937.1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32700"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb08-19.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0974.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.skyrecon.com/index.php?option=com_content\u0026task=view\u0026id=302\u0026Itemid=124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-309A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46334"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CERTA-2008-AVI-541
Vulnerability from certfr_avis
Plusieurs vulnérabilités affectent les produits Adobe Acrobat et Adobe Reader permettant, entre autres, à une personne malveillante d'exécuter du code arbitraire à distance.
Description
De multiples vulnérabilités ont été découvertes dans Adobe Acrobat et Adobe Reader :
- plusieurs erreurs dans la validation des données permettent une exécution, locale ou à distance, de code arbitraire ;
- deux erreurs dans le traitement de certaines données par le gestionnaire de téléchargement d'Adobe Reader permettent de modifier les options de sécurité de l'utilisateur pendant le processus de téléchargement ;
- une erreur dans la traitement de données par une méthode JavaScript permet une exécution de code arbitraire à distance ;
- une vulnérabilité non documentée permet une élévation de privilèges ;
- une vulnérabilité permet un déni de service via un document PDF spécialement conçu.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Adobe Reader 8.x.",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Acrobat 3D 3.x ;",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Acrobat 8.x ;",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Acrobat 8 Professional ;",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Adobe Acrobat et\nAdobe Reader :\n\n- plusieurs erreurs dans la validation des donn\u00e9es permettent une\n ex\u00e9cution, locale ou \u00e0 distance, de code arbitraire ;\n- deux erreurs dans le traitement de certaines donn\u00e9es par le\n gestionnaire de t\u00e9l\u00e9chargement d\u0027Adobe Reader permettent de modifier\n les options de s\u00e9curit\u00e9 de l\u0027utilisateur pendant le processus de\n t\u00e9l\u00e9chargement ;\n- une erreur dans la traitement de donn\u00e9es par une m\u00e9thode JavaScript\n permet une ex\u00e9cution de code arbitraire \u00e0 distance ;\n- une vuln\u00e9rabilit\u00e9 non document\u00e9e permet une \u00e9l\u00e9vation de privil\u00e8ges\n ;\n- une vuln\u00e9rabilit\u00e9 permet un d\u00e9ni de service via un document PDF\n sp\u00e9cialement con\u00e7u.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-4814",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4814"
},
{
"name": "CVE-2008-4817",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4817"
},
{
"name": "CVE-2008-4816",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4816"
},
{
"name": "CVE-2008-4815",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4815"
},
{
"name": "CVE-2008-2549",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2549"
},
{
"name": "CVE-2008-2992",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2992"
},
{
"name": "CVE-2008-4812",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4812"
},
{
"name": "CVE-2008-4813",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4813"
}
],
"initial_release_date": "2008-11-06T00:00:00",
"last_revision_date": "2008-11-06T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb08-19 du 04 novembre 2008 :",
"url": "http://www.adobe.com/support/security/bulletins/apsb08-19.html"
}
],
"reference": "CERTA-2008-AVI-541",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-11-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectent les produits Adobe Acrobat et Adobe\nReader permettant, entre autres, \u00e0 une personne malveillante d\u0027ex\u00e9cuter\ndu code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Acrobat et Adobe Reader",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb08-19 du 4 novembre 2008",
"url": null
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…