Vulnerability Details : CVE-2007-5659
Public exploit exists!
Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655.
Vulnerability category: Execute code
Products affected by CVE-2007-5659
- cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
CVE-2007-5659 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Adobe Acrobat and Reader Buffer Overflow Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2007-5659
Added on: 2022-06-08
Action due date: 2022-06-22
Exploit prediction scoring system (EPSS) score for CVE-2007-5659
- 95.84%: Probability of exploitation activity in the next 30 days
- ~100%: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2007-5659
- Adobe Collab.collectEmailInfo() Buffer Overflow
  Disclosure Date: 2008-02-08
  First seen: 2020-04-26
  exploit/windows/fileformat/adobe_collectemailinfo
  This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional 8.1.1. By creating a specially crafted PDF that contains a malformed Collab.collectEmailInfo() call, an attacker may be able to execute arbitrary code. Authors: - MC <mc@meta
CVSS scores for CVE-2007-5659
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | 2024-12-19 |
CWE ids for CVE-2007-5659
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
- The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-5659
- http://www.kb.cert.org/vuls/id/666281
  Third Party Advisory; US Government Resource
- http://www.adobe.com/support/security/advisories/apsa08-01.html
  Vendor Advisory
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1
  Broken Link
- http://security.gentoo.org/glsa/glsa-200803-01.xml
  Adobe Acrobat Reader: Multiple vulnerabilities (GLSA 200803-01), Gentoo security. Third Party Advisory
- http://secunia.com/advisories/30840
  About Secunia Research | Flexera. Broken Link
- http://www.us-cert.gov/cas/techalerts/TA08-043A.html
  Broken Link; Third Party Advisory; US Government Resource
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9813
  Broken Link
- http://www.vupen.com/english/advisories/2008/1966/references
  Site under construction. Broken Link
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=657
  Broken Link
- http://secunia.com/advisories/29065
  About Secunia Research | Flexera. Broken Link
- http://www.redhat.com/support/errata/RHSA-2008-0144.html
  Broken Link
- http://secunia.com/advisories/29205
  Broken Link
- http://www.adobe.com/support/security/bulletins/apsb08-13.html
  Adobe Security Bulletins and Advisories. Vendor Advisory