Adobe vuln. The government gets involved

Published 25 September 07 09:39 AM | rodtrent
National Cyber-Alert System
Vulnerability Summary CVE-2007-5020

Original release date: 9/21/2007
Last revised: 9/24/2007
Source: US-CERT/NIST

 

Overview


Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: this information is based upon a vague pre-advisory by a reliable researcher.

 

Impact


CVSS Severity (version 2.0):
CVSS v2 Base score: 10.0 (High) (AV:N/AC:L/Au:N/C:C/I:C/A:C) (legend)
Impact Subscore: 10.0
Exploitability Subscore: 10.0

Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Provides administrator access, Allows complete confidentiality, integrity, and availability violation , Allows unauthorized disclosure of information , Allows disruption of service

 

References to Advisories, Solutions, and Tools


External Source:  BUGTRAQ (disclaimer)

Name: 20070920 0day: PDF pwns Windows

 

Hyperlink: http://www.securityfocus.com/archive/1/archive/1/480080/100/0/threaded

 

External Source: (disclaimer)

Hyperlink: http://www.gnucitizen.org/blog/0day-pdf-pwns-windows

 

Vulnerable software and versions


 

Configuration 1
−  Adobe, Acrobat, 8.1, Windows 
−  Adobe, Reader, 8.1, Windows 

 

Technical Details


Vulnerability Type (View All)
Code Injection  CWE-94

Vulnerability Type (View All)
Insufficient Information  NVD-CWE-noinfo

CVE Standard Vulnerability Entry:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5020

 

Common Platform Enumeration:

http://nvd.nist.gov/cpe.cfm?cvename=CVE-2007-5020

Filed under: ,

Comments

No Comments

This Blog

News

    Ni Hao! Wo shi Rod.



    The Bruce Campbell Fan Store



    Proud member of the myITforum Network



Community

Things I've done

myITforum.com

Things I do

Blog Roll

Syndication