CVE-2008-4815 : Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlie

Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH.

Published 2008-11-05 15:00:15

Updated 2018-10-30 16:25:43

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2008-4815

Adobe » Acrobat Reader
Versions up to, including, (<=) 8.0
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
Matching versions
When used together with: Unix » Unix
Adobe » Acrobat » Update Unknown Standard Edition
Versions up to, including, (<=) 8.1.2
cpe:2.3:a:adobe:acrobat:*:unknown:standard:*:*:*:*:*
Matching versions
When used together with: Unix » Unix
Adobe » Acrobat » Update Unknown 3D Edition
Versions up to, including, (<=) 8.1.2
cpe:2.3:a:adobe:acrobat:*:unknown:3d:*:*:*:*:*
Matching versions
When used together with: Unix » Unix
Adobe » Acrobat » Update Unknown Professional Edition
Versions up to, including, (<=) 8.1.2
cpe:2.3:a:adobe:acrobat:*:unknown:professional:*:*:*:*:*
Matching versions
When used together with: Unix » Unix
Adobe » Acrobat » Version: 8.1.1
cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*
Matching versions
When used together with: Unix » Unix
Adobe » Acrobat » Version: 8.1.1 Update Unknown Professional Edition
cpe:2.3:a:adobe:acrobat:8.1.1:unknown:professional:*:*:*:*:*
Matching versions
When used together with: Unix » Unix
Adobe » Acrobat » Version: 8.1.1 Update Unknown 3D Edition
cpe:2.3:a:adobe:acrobat:8.1.1:unknown:3d:*:*:*:*:*
Matching versions
When used together with: Unix » Unix
Adobe » Acrobat » Version: 8.1.1 Update Unknown Standard Edition
cpe:2.3:a:adobe:acrobat:8.1.1:unknown:standard:*:*:*:*:*
Matching versions
When used together with: Unix » Unix

Exploit prediction scoring system (EPSS) score for CVE-2008-4815

EPSS FAQ

5.71%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 90 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2008-4815

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2008-4815

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-4815

http://www.us-cert.gov/cas/techalerts/TA08-309A.html

Page Not Found | CISA
US Government Resource

CVEs referencing this url
http://www.vupen.com/english/advisories/2008/3001

Site en construction

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2008-0974.html

Support

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/46335
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html

[security-announce] SUSE Security Summary Report: SUSE-SR:2008:026 - openSUSE Security Announce - openSUSE Mailing Lists

CVEs referencing this url
http://www.adobe.com/support/security/bulletins/apsb08-19.html

Adobe Security Bulletins and Advisories
Patch;Vendor Advisory

CVEs referencing this url
http://download.oracle.com/sunalerts/1019937.1.html

Multiple Security Vulnerabilities in the Adobe Reader May Lead to Execution of Arbitrary Code

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=469882
http://www.securityfocus.com/bid/32100

CVEs referencing this url
http://www.vupen.com/english/advisories/2009/0098

Site en construction

CVEs referencing this url
http://www.securitytracker.com/id?1021140

GoDaddy Domain Name Search

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2008-4815

Products affected by CVE-2008-4815

Exploit prediction scoring system (EPSS) score for CVE-2008-4815

CVSS scores for CVE-2008-4815

CWE ids for CVE-2008-4815

References for CVE-2008-4815