Vulnerability Details : CVE-2007-5663

Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655.
Publish Date : 2008-02-12 Last Update Date : 2017-09-28

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

CVSS Score	9.3
Confidentiality Impact	Complete (There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact	Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
Availability Impact	Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity	Medium (The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	Admin
Vulnerability Type(s)	Execute Code
CWE ID	94

- Additional Vendor Supplied Data

Vendor	Impact	CVSS Score	CVSS Vector	Report Date	Publish Date
Redhat	critical			2008-02-12	2008-02-08

If you are a vendor and you have additional data which can be automatically imported into our database, please contact admin @ cvedetails.com

- Related OVAL Definitions

Title	Definition Id	Family
Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that...	oval:org.mitre.oval:def:9928	unix
ELSA-2008:0144: acroread security update (Critical)	oval:org.mitre.oval:def:22416	unix
RHSA-2008:0144: acroread security update (Critical)	oval:com.redhat.rhsa:def:20080144	unix

OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2007-5663

#	Product Type	Vendor	Product	Version	Update	Edition	Language
1	Application	Adobe	Acrobat	8.1.1				Version Details Vulnerabilities
2	Application	Adobe	Acrobat Reader	8.1.1				Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Adobe	Acrobat	1
Adobe	Acrobat Reader	1

- References For CVE-2007-5663

http://www.vupen.com/english/advisories/2008/1966/references
VUPEN ADV-2008-1966

http://www.us-cert.gov/cas/techalerts/TA08-043A.html
CERT TA08-043A

http://www.redhat.com/support/errata/RHSA-2008-0144.html
REDHAT RHSA-2008:0144

http://www.kb.cert.org/vuls/id/140129
CERT-VN VU#140129

http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1
SUNALERT 239286

http://www.adobe.com/support/security/advisories/apsa08-01.html CONFIRM

http://www.adobe.com/support/security/bulletins/apsb08-13.html CONFIRM

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=656
IDEFENSE 20080208 Adobe Reader and Acrobat JavaScript Insecure Method Exposure Vulnerability

http://security.gentoo.org/glsa/glsa-200803-01.xml
GENTOO GLSA-200803-01

- Metasploit Modules Related To CVE-2007-5663

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)