rhsa-2008_0974
Vulnerability from csaf_redhat
Published: 2008-11-12 17:26
Modified: 2024-11-14 10:06
Summary: Red Hat Security Advisory: acroread security update
Notes
Topic
Updated acroread packages that fix various security issues are now
available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4
Extras, and Red Hat Enterprise Linux 5 Supplementary.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details
Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).

Several input validation flaws were discovered in Adobe Reader. A malicious
PDF file could cause Adobe Reader to crash or, potentially, execute
arbitrary code as the user running Adobe Reader. (CVE-2008-2549,
CVE-2008-2992, CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4817)

The Adobe Reader binary had an insecure relative RPATH (runtime library
search path) set in the ELF (Executable and Linking Format) header. A local
attacker able to convince another user to run Adobe Reader in an
attacker-controlled directory could run arbitrary code with the privileges
of the victim. (CVE-2008-4815)

All acroread users are advised to upgrade to these updated packages, which
contain Adobe Reader version 8.1.3 and are not vulnerable to these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated acroread packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4\nExtras, and Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nSeveral input validation flaws were discovered in Adobe Reader. A malicious\nPDF file could cause Adobe Reader to crash or, potentially, execute\narbitrary code as the user running Adobe Reader. (CVE-2008-2549,\nCVE-2008-2992, CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4817)\n\nThe Adobe Reader binary had an insecure relative RPATH (runtime library\nsearch path) set in the ELF (Executable and Linking Format) header. A local\nattacker able to convince another user to run Adobe Reader in an\nattacker-controlled directory could run arbitrary code with the privileges\nof the victim. (CVE-2008-4815)\n\nAll acroread users are advised to upgrade to these updated packages, that\ncontain Adobe Reader version 8.1.3, and are not vulnerable to these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2008:0974", "url": "https://access.redhat.com/errata/RHSA-2008:0974" }, { "category": "external", "summary": "http://www.redhat.com/security/updates/classification/#critical", "url": "http://www.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "450078", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=450078" }, { "category": "external", "summary": "469875", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469875" }, { "category": "external", "summary": "469876", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469876" }, { "category": "external", "summary": "469877", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469877" }, { "category": "external", "summary": "469880", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469880" }, { "category": "external", "summary": "469882", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469882" }, { "category": "external", "summary": "469923", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469923" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0974.json" } ], "title": "Red Hat Security Advisory: acroread security update", "tracking": { "current_release_date": "2024-11-14T10:06:43+00:00", "generator": { "date": "2024-11-14T10:06:43+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2008:0974", "initial_release_date": "2008-11-12T17:26:00+00:00", "revision_history": [ { "date": 
"2008-11-12T17:26:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2008-11-12T12:26:33+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T10:06:43+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product": { "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:5::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)", "product": { "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:5::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux AS version 4 Extras", "product": { "name": "Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } }, { "category": "product_name", "name": "Red Hat Desktop version 4 Extras", "product": { "name": "Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ES version 4 Extras", "product": { "name": "Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux WS version 4 Extras", "product": { "name": "Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } }, { "category": 
"product_name", "name": "Red Hat Enterprise Linux AS version 3 Extras", "product": { "name": "Red Hat Enterprise Linux AS version 3 Extras", "product_id": "3AS-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:3" } } }, { "category": "product_name", "name": "Red Hat Desktop version 3 Extras", "product": { "name": "Red Hat Desktop version 3 Extras", "product_id": "3Desktop-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:3" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ES version 3 Extras", "product": { "name": "Red Hat Enterprise Linux ES version 3 Extras", "product_id": "3ES-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:3" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux WS version 3 Extras", "product": { "name": "Red Hat Enterprise Linux WS version 3 Extras", "product_id": "3WS-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:3" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux Supplementary" }, { "branches": [ { "category": "product_version", "name": "acroread-0:8.1.3-1.el5.i386", "product": { "name": "acroread-0:8.1.3-1.el5.i386", "product_id": "acroread-0:8.1.3-1.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/acroread@8.1.3-1.el5?arch=i386" } } }, { "category": "product_version", "name": "acroread-plugin-0:8.1.3-1.el5.i386", "product": { "name": "acroread-plugin-0:8.1.3-1.el5.i386", "product_id": "acroread-plugin-0:8.1.3-1.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/acroread-plugin@8.1.3-1.el5?arch=i386" } } }, { "category": "product_version", "name": "acroread-0:8.1.3-1.el4.i386", "product": { "name": "acroread-0:8.1.3-1.el4.i386", "product_id": "acroread-0:8.1.3-1.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/acroread@8.1.3-1.el4?arch=i386" } } }, { "category": "product_version", "name": 
"acroread-plugin-0:8.1.3-1.el4.i386", "product": { "name": "acroread-plugin-0:8.1.3-1.el4.i386", "product_id": "acroread-plugin-0:8.1.3-1.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/acroread-plugin@8.1.3-1.el4?arch=i386" } } }, { "category": "product_version", "name": "acroread-plugin-0:8.1.3-1.i386", "product": { "name": "acroread-plugin-0:8.1.3-1.i386", "product_id": "acroread-plugin-0:8.1.3-1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/acroread-plugin@8.1.3-1?arch=i386" } } }, { "category": "product_version", "name": "acroread-0:8.1.3-1.i386", "product": { "name": "acroread-0:8.1.3-1.i386", "product_id": "acroread-0:8.1.3-1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/acroread@8.1.3-1?arch=i386" } } } ], "category": "architecture", "name": "i386" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras", "product_id": "3AS-LACD:acroread-0:8.1.3-1.i386" }, "product_reference": "acroread-0:8.1.3-1.i386", "relates_to_product_reference": "3AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras", "product_id": "3AS-LACD:acroread-plugin-0:8.1.3-1.i386" }, "product_reference": "acroread-plugin-0:8.1.3-1.i386", "relates_to_product_reference": "3AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Desktop version 3 Extras", "product_id": "3Desktop-LACD:acroread-0:8.1.3-1.i386" }, "product_reference": "acroread-0:8.1.3-1.i386", "relates_to_product_reference": "3Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Desktop version 3 Extras", "product_id": 
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386" }, "product_reference": "acroread-plugin-0:8.1.3-1.i386", "relates_to_product_reference": "3Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras", "product_id": "3ES-LACD:acroread-0:8.1.3-1.i386" }, "product_reference": "acroread-0:8.1.3-1.i386", "relates_to_product_reference": "3ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras", "product_id": "3ES-LACD:acroread-plugin-0:8.1.3-1.i386" }, "product_reference": "acroread-plugin-0:8.1.3-1.i386", "relates_to_product_reference": "3ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras", "product_id": "3WS-LACD:acroread-0:8.1.3-1.i386" }, "product_reference": "acroread-0:8.1.3-1.i386", "relates_to_product_reference": "3WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras", "product_id": "3WS-LACD:acroread-plugin-0:8.1.3-1.i386" }, "product_reference": "acroread-plugin-0:8.1.3-1.i386", "relates_to_product_reference": "3WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:acroread-0:8.1.3-1.el4.i386" }, "product_reference": "acroread-0:8.1.3-1.el4.i386", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386" }, "product_reference": 
"acroread-plugin-0:8.1.3-1.el4.i386", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386" }, "product_reference": "acroread-0:8.1.3-1.el4.i386", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386" }, "product_reference": "acroread-plugin-0:8.1.3-1.el4.i386", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:acroread-0:8.1.3-1.el4.i386" }, "product_reference": "acroread-0:8.1.3-1.el4.i386", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386" }, "product_reference": "acroread-plugin-0:8.1.3-1.el4.i386", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:acroread-0:8.1.3-1.el4.i386" }, "product_reference": "acroread-0:8.1.3-1.el4.i386", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386" }, "product_reference": "acroread-plugin-0:8.1.3-1.el4.i386", 
"relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386" }, "product_reference": "acroread-0:8.1.3-1.el5.i386", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386" }, "product_reference": "acroread-plugin-0:8.1.3-1.el5.i386", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386" }, "product_reference": "acroread-0:8.1.3-1.el5.i386", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 
5)", "product_id": "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386" }, "product_reference": "acroread-plugin-0:8.1.3-1.el5.i386", "relates_to_product_reference": "5Server-Supplementary" } ] }, "vulnerabilities": [ { "cve": "CVE-2008-2549", "discovery_date": "2008-06-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "450078" } ], "notes": [ { "category": "description", "text": "Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: crash and possible code execution", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-LACD:acroread-0:8.1.3-1.i386", "3AS-LACD:acroread-plugin-0:8.1.3-1.i386", "3Desktop-LACD:acroread-0:8.1.3-1.i386", "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386", "3ES-LACD:acroread-0:8.1.3-1.i386", "3ES-LACD:acroread-plugin-0:8.1.3-1.i386", "3WS-LACD:acroread-0:8.1.3-1.i386", "3WS-LACD:acroread-plugin-0:8.1.3-1.i386", "4AS-LACD:acroread-0:8.1.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-2549" }, { "category": "external", "summary": "RHBZ#450078", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=450078" }, { 
"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2549", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2549" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2549", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2549" } ], "release_date": "2008-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-11-12T17:26:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-LACD:acroread-0:8.1.3-1.i386", "3AS-LACD:acroread-plugin-0:8.1.3-1.i386", "3Desktop-LACD:acroread-0:8.1.3-1.i386", "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386", "3ES-LACD:acroread-0:8.1.3-1.i386", "3ES-LACD:acroread-plugin-0:8.1.3-1.i386", "3WS-LACD:acroread-0:8.1.3-1.i386", "3WS-LACD:acroread-plugin-0:8.1.3-1.i386", "4AS-LACD:acroread-0:8.1.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0974" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: crash and possible code execution" }, { "cve": "CVE-2008-2992", "discovery_date": "2008-11-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla 
ID", "text": "469877" } ], "notes": [ { "category": "description", "text": "Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.", "title": "Vulnerability description" }, { "category": "summary", "text": "Reader: JavaScript util.printf() function buffer overflow", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-LACD:acroread-0:8.1.3-1.i386", "3AS-LACD:acroread-plugin-0:8.1.3-1.i386", "3Desktop-LACD:acroread-0:8.1.3-1.i386", "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386", "3ES-LACD:acroread-0:8.1.3-1.i386", "3ES-LACD:acroread-plugin-0:8.1.3-1.i386", "3WS-LACD:acroread-0:8.1.3-1.i386", "3WS-LACD:acroread-plugin-0:8.1.3-1.i386", "4AS-LACD:acroread-0:8.1.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-2992" }, { "category": "external", "summary": "RHBZ#469877", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469877" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2992", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2992" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2992", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2992" }, { 
"category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2008-11-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-11-12T17:26:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-LACD:acroread-0:8.1.3-1.i386", "3AS-LACD:acroread-plugin-0:8.1.3-1.i386", "3Desktop-LACD:acroread-0:8.1.3-1.i386", "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386", "3ES-LACD:acroread-0:8.1.3-1.i386", "3ES-LACD:acroread-plugin-0:8.1.3-1.i386", "3WS-LACD:acroread-0:8.1.3-1.i386", "3WS-LACD:acroread-plugin-0:8.1.3-1.i386", "4AS-LACD:acroread-0:8.1.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0974" } ], "threats": [ { "category": "exploit_status", "date": "2022-03-03T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Critical" } ], "title": "Reader: JavaScript util.printf() function buffer overflow" }, { "cve": "CVE-2008-4812", "discovery_date": 
"2008-11-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "469875" } ], "notes": [ { "category": "description", "text": "Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts.", "title": "Vulnerability description" }, { "category": "summary", "text": "Reader: embedded font handling out-of-bounds array indexing", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-LACD:acroread-0:8.1.3-1.i386", "3AS-LACD:acroread-plugin-0:8.1.3-1.i386", "3Desktop-LACD:acroread-0:8.1.3-1.i386", "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386", "3ES-LACD:acroread-0:8.1.3-1.i386", "3ES-LACD:acroread-plugin-0:8.1.3-1.i386", "3WS-LACD:acroread-0:8.1.3-1.i386", "3WS-LACD:acroread-plugin-0:8.1.3-1.i386", "4AS-LACD:acroread-0:8.1.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-4812" }, { "category": "external", "summary": "RHBZ#469875", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469875" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-4812", "url": "https://www.cve.org/CVERecord?id=CVE-2008-4812" }, { "category": "external", "summary": 
"https://nvd.nist.gov/vuln/detail/CVE-2008-4812", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4812" } ], "release_date": "2008-11-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-11-12T17:26:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-LACD:acroread-0:8.1.3-1.i386", "3AS-LACD:acroread-plugin-0:8.1.3-1.i386", "3Desktop-LACD:acroread-0:8.1.3-1.i386", "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386", "3ES-LACD:acroread-0:8.1.3-1.i386", "3ES-LACD:acroread-plugin-0:8.1.3-1.i386", "3WS-LACD:acroread-0:8.1.3-1.i386", "3WS-LACD:acroread-plugin-0:8.1.3-1.i386", "4AS-LACD:acroread-0:8.1.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0974" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Reader: embedded font handling out-of-bounds array indexing" }, { "cve": "CVE-2008-4813", "discovery_date": "2008-11-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "469876" } ], "notes": [ { "category": "description", "text": "Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow remote attackers to 
execute arbitrary code via a crafted PDF document that (1) performs unspecified actions on a Collab object that trigger memory corruption, related to a GetCosObj method; or (2) contains a malformed PDF object that triggers memory corruption during parsing.", "title": "Vulnerability description" }, { "category": "summary", "text": "Reader: PDF objects parsing and JavaScript getCosObj handling memory corruption flaw", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-LACD:acroread-0:8.1.3-1.i386", "3AS-LACD:acroread-plugin-0:8.1.3-1.i386", "3Desktop-LACD:acroread-0:8.1.3-1.i386", "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386", "3ES-LACD:acroread-0:8.1.3-1.i386", "3ES-LACD:acroread-plugin-0:8.1.3-1.i386", "3WS-LACD:acroread-0:8.1.3-1.i386", "3WS-LACD:acroread-plugin-0:8.1.3-1.i386", "4AS-LACD:acroread-0:8.1.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-4813" }, { "category": "external", "summary": "RHBZ#469876", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469876" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-4813", "url": "https://www.cve.org/CVERecord?id=CVE-2008-4813" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4813", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4813" } ], "release_date": "2008-11-04T00:00:00+00:00", 
"remediations": [ { "category": "vendor_fix", "date": "2008-11-12T17:26:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-LACD:acroread-0:8.1.3-1.i386", "3AS-LACD:acroread-plugin-0:8.1.3-1.i386", "3Desktop-LACD:acroread-0:8.1.3-1.i386", "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386", "3ES-LACD:acroread-0:8.1.3-1.i386", "3ES-LACD:acroread-plugin-0:8.1.3-1.i386", "3WS-LACD:acroread-0:8.1.3-1.i386", "3WS-LACD:acroread-plugin-0:8.1.3-1.i386", "4AS-LACD:acroread-0:8.1.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0974" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Reader: PDF objects parsing and JavaScript getCosObj handling memory corruption flaw" }, { "cve": "CVE-2008-4814", "discovery_date": "2008-11-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "469880" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an \"input validation 
issue.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "Reader: arbitrary code execution via unspecified JavaScript method", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-LACD:acroread-0:8.1.3-1.i386", "3AS-LACD:acroread-plugin-0:8.1.3-1.i386", "3Desktop-LACD:acroread-0:8.1.3-1.i386", "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386", "3ES-LACD:acroread-0:8.1.3-1.i386", "3ES-LACD:acroread-plugin-0:8.1.3-1.i386", "3WS-LACD:acroread-0:8.1.3-1.i386", "3WS-LACD:acroread-plugin-0:8.1.3-1.i386", "4AS-LACD:acroread-0:8.1.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-4814" }, { "category": "external", "summary": "RHBZ#469880", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469880" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-4814", "url": "https://www.cve.org/CVERecord?id=CVE-2008-4814" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4814", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4814" } ], "release_date": "2008-11-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-11-12T17:26:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. 
Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-LACD:acroread-0:8.1.3-1.i386", "3AS-LACD:acroread-plugin-0:8.1.3-1.i386", "3Desktop-LACD:acroread-0:8.1.3-1.i386", "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386", "3ES-LACD:acroread-0:8.1.3-1.i386", "3ES-LACD:acroread-plugin-0:8.1.3-1.i386", "3WS-LACD:acroread-0:8.1.3-1.i386", "3WS-LACD:acroread-plugin-0:8.1.3-1.i386", "4AS-LACD:acroread-0:8.1.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0974" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Reader: arbitrary code execution via unspecified JavaScript method" }, { "cve": "CVE-2008-4815", "discovery_date": "2008-11-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "469882" } ], "notes": [ { "category": "description", "text": "Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH.", "title": "Vulnerability description" }, { "category": "summary", "text": "Reader: insecure RPATH flaw", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-LACD:acroread-0:8.1.3-1.i386", "3AS-LACD:acroread-plugin-0:8.1.3-1.i386", 
"3Desktop-LACD:acroread-0:8.1.3-1.i386", "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386", "3ES-LACD:acroread-0:8.1.3-1.i386", "3ES-LACD:acroread-plugin-0:8.1.3-1.i386", "3WS-LACD:acroread-0:8.1.3-1.i386", "3WS-LACD:acroread-plugin-0:8.1.3-1.i386", "4AS-LACD:acroread-0:8.1.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-4815" }, { "category": "external", "summary": "RHBZ#469882", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469882" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-4815", "url": "https://www.cve.org/CVERecord?id=CVE-2008-4815" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4815", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4815" } ], "release_date": "2008-11-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-11-12T17:26:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. 
Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-LACD:acroread-0:8.1.3-1.i386", "3AS-LACD:acroread-plugin-0:8.1.3-1.i386", "3Desktop-LACD:acroread-0:8.1.3-1.i386", "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386", "3ES-LACD:acroread-0:8.1.3-1.i386", "3ES-LACD:acroread-plugin-0:8.1.3-1.i386", "3WS-LACD:acroread-0:8.1.3-1.i386", "3WS-LACD:acroread-plugin-0:8.1.3-1.i386", "4AS-LACD:acroread-0:8.1.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0974" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Reader: insecure RPATH flaw" }, { "cve": "CVE-2008-4817", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2008-11-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "469923" } ], "notes": [ { "category": "description", "text": "The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption.", "title": "Vulnerability description" }, { "category": "summary", "text": "Reader: Download Manager input validation flaw", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-LACD:acroread-0:8.1.3-1.i386", 
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386", "3Desktop-LACD:acroread-0:8.1.3-1.i386", "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386", "3ES-LACD:acroread-0:8.1.3-1.i386", "3ES-LACD:acroread-plugin-0:8.1.3-1.i386", "3WS-LACD:acroread-0:8.1.3-1.i386", "3WS-LACD:acroread-plugin-0:8.1.3-1.i386", "4AS-LACD:acroread-0:8.1.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-4817" }, { "category": "external", "summary": "RHBZ#469923", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469923" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-4817", "url": "https://www.cve.org/CVERecord?id=CVE-2008-4817" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4817", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4817" } ], "release_date": "2008-11-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-11-12T17:26:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. 
Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-LACD:acroread-0:8.1.3-1.i386", "3AS-LACD:acroread-plugin-0:8.1.3-1.i386", "3Desktop-LACD:acroread-0:8.1.3-1.i386", "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386", "3ES-LACD:acroread-0:8.1.3-1.i386", "3ES-LACD:acroread-plugin-0:8.1.3-1.i386", "3WS-LACD:acroread-0:8.1.3-1.i386", "3WS-LACD:acroread-plugin-0:8.1.3-1.i386", "4AS-LACD:acroread-0:8.1.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0974" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Reader: Download Manager input validation flaw" }, { "cve": "CVE-2009-0927", "discovery_date": "2009-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1618340" } ], "notes": [ { "category": "description", "text": "Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.", "title": "Vulnerability description" }, { "category": "summary", "text": "security flaw", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated 
product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "3AS-LACD:acroread-0:8.1.3-1.i386", "3AS-LACD:acroread-plugin-0:8.1.3-1.i386", "3Desktop-LACD:acroread-0:8.1.3-1.i386", "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386", "3ES-LACD:acroread-0:8.1.3-1.i386", "3ES-LACD:acroread-plugin-0:8.1.3-1.i386", "3WS-LACD:acroread-0:8.1.3-1.i386", "3WS-LACD:acroread-plugin-0:8.1.3-1.i386", "4AS-LACD:acroread-0:8.1.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0927" }, { "category": "external", "summary": "RHBZ#1618340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618340" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0927", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0927" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0927", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0927" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2009-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-11-12T17:26:00+00:00", "details": "Before applying this update, 
make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-LACD:acroread-0:8.1.3-1.i386", "3AS-LACD:acroread-plugin-0:8.1.3-1.i386", "3Desktop-LACD:acroread-0:8.1.3-1.i386", "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386", "3ES-LACD:acroread-0:8.1.3-1.i386", "3ES-LACD:acroread-plugin-0:8.1.3-1.i386", "3WS-LACD:acroread-0:8.1.3-1.i386", "3WS-LACD:acroread-plugin-0:8.1.3-1.i386", "4AS-LACD:acroread-0:8.1.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0974" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "3AS-LACD:acroread-0:8.1.3-1.i386", "3AS-LACD:acroread-plugin-0:8.1.3-1.i386", "3Desktop-LACD:acroread-0:8.1.3-1.i386", "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386", "3ES-LACD:acroread-0:8.1.3-1.i386", "3ES-LACD:acroread-plugin-0:8.1.3-1.i386", "3WS-LACD:acroread-0:8.1.3-1.i386", "3WS-LACD:acroread-plugin-0:8.1.3-1.i386", "4AS-LACD:acroread-0:8.1.3-1.el4.i386", 
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-0:8.1.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-0:8.1.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386", "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386" ] } ], "threats": [ { "category": "exploit_status", "date": "2022-03-25T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Critical" } ], "title": "security flaw" } ] }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.