{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/87520?format=json","vulnerability_id":"VCID-qvut-4qwc-j7bs","summary":"Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.","aliases":[{"alias":"CVE-2008-2992"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/3398?format=json","purl":"pkg:ebuild/app-text/acroread@8.1.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-text/acroread@8.1.3"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/369372?format=json","purl":"pkg:rpm/redhat/acroread@8.1.3-1?arch=el5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1beh-rzm1-qygk"},{"vulnerability":"VCID-1gt7-af63-vuhv"},{"vulnerability":"VCID-34ug-8rd5-gqgk"},{"vulnerability":"VCID-5e19-aa48-sfdt"},{"vulnerability":"VCID-7gw1-ypr7-27dp"},{"vulnerability":"VCID-drqy-x5er-pybt"},{"vulnerability":"VCID-pj6w-jsx5-jyg9"},{"vulnerability":"VCID-qvut-4qwc-j7bs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acroread@8.1.3-1%3Farch=el5"},{"url":"http://public2.vulnerablecode.io/api/packages/369373?format=json","purl":"pkg:rpm/redhat/acroread@8.1.3-1?arch=el4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1beh-rzm1-qygk"},{"vulnerability":"VCID-1gt7-af63-vuhv"},{"vulnerability":"VCID-34ug-8rd5-gqgk"},{"vulnerability":"VCID-5e19-aa48-sfdt"},{"vulnerability":"VCID-7gw1-ypr7-27dp"},{"vulnerability":"VCID-drqy-x5er-pybt"},{"vulnerability":"VCID-pj6w-jsx5-jyg9"},{"vulnerability":"VCID-qvut-4qwc-j7bs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acroread@8.1.3-1%3Farch=el4"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2992.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2992.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-2992","reference_id":"","reference_type":"","scores":[{"value":"0.93738","scoring_system":"epss","scoring_elements":"0.99862","published_at":"2026-06-14T12:55:00Z"},{"value":"0.93738","scoring_system":"epss","scoring_elements":"0.99861","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-2992"},{"reference_url":"http://www.vupen.com/english/advisories/2009/0098","reference_id":"0098","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-10T19:27:56Z/"}],"url":"http://www.vupen.com/english/advisories/2009/0098"},{"reference_url":"http://download.oracle.com/sunalerts/1019937.1.html","reference_id":"1019937.1.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-10T19:27:56Z/"}],"url":"http://download.oracle.com/sunalerts/1019937.1.html"},{"reference_url":"http://secunia.com/secunia_research/2008-14/","reference_id":"2008-14","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-10T19:27:56Z/"}],"url":"http://secunia.com/secunia_research/2008-14/"},{"reference_url":"http://secunia.com/advisories/29773","reference_id":"29773","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-10T19:27:56Z/"}],"url":"http://secunia.com/advisories/29773"},{"reference_url":"http://www.vupen.com/english/advisories/2008/3001","reference_id":"3001","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-10T19:27:56Z/"}],"url":"http://www.vupen.com/english/advisories/2008/3001"},{"reference_url":"http://www.securityfocus.com/bid/30035","reference_id":"30035","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-10T19:27:56Z/"}],"url":"http://www.securityfocus.com/bid/30035"},{"reference_url":"http://www.securityfocus.com/bid/32091","reference_id":"32091","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-10T19:27:56Z/"}],"url":"http://www.securityfocus.com/bid/32091"},{"reference_url":"http://secunia.com/advisories/32700","reference_id":"32700","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-10T19:27:56Z/"}],"url":"http://secunia.com/advisories/32700"},{"reference_url":"http://secunia.com/advisories/32872","reference_id":"32872","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-10T19:27:56Z/"}],"url":"http://secunia.com/advisories/32872"},{"reference_url":"http://secunia.com/advisories/35163","reference_id":"35163","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-10T19:27:56Z/"}],"url":"http://secunia.com/advisories/35163"},{"reference_url":"http://securityreason.com/securityalert/4549","reference_id":"4549","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-10T19:27:56Z/"}],"url":"http://securityreason.com/securityalert/4549"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=469877","reference_id":"469877","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=469877"},{"reference_url":"http://osvdb.org/49520","reference_id":"49520","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-10T19:27:56Z/"}],"url":"http://osvdb.org/49520"},{"reference_url":"http://www.kb.cert.org/vuls/id/593409","reference_id":"593409","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-10T19:27:56Z/"}],"url":"http://www.kb.cert.org/vuls/id/593409"},{"reference_url":"https://www.exploit-db.com/exploits/6994","reference_id":"6994","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-10T19:27:56Z/"}],"url":"https://www.exploit-db.com/exploits/6994"},{"reference_url":"https://www.exploit-db.com/exploits/7006","reference_id":"7006","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-10T19:27:56Z/"}],"url":"https://www.exploit-db.com/exploits/7006"},{"reference_url":"http://www.coresecurity.com/content/adobe-reader-buffer-overflow","reference_id":"adobe-reader-buffer-overflow","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-10T19:27:56Z/"}],"url":"http://www.coresecurity.com/content/adobe-reader-buffer-overflow"},{"reference_url":"http://www.adobe.com/support/security/bulletins/apsb08-19.html","reference_id":"apsb08-19.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-10T19:27:56Z/"}],"url":"http://www.adobe.com/support/security/bulletins/apsb08-19.html"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/16504.rb","reference_id":"CVE-2008-2992;OSVDB-49520","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/16504.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/16624.rb","reference_id":"CVE-2008-2992;OSVDB-49520","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/16624.rb"},{"reference_url":"https://security.gentoo.org/glsa/200901-09","reference_id":"GLSA-200901-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200901-09"},{"reference_url":"http://www.securitytracker.com/id?1021140","reference_id":"id?1021140","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-10T19:27:56Z/"}],"url":"http://www.securitytracker.com/id?1021140"},{"reference_url":"http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801","reference_id":"main.jsp?cscat=BLTNDETAIL&id=800801","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-10T19:27:56Z/"}],"url":"http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801"},{"reference_url":"http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=909609","reference_id":"main.jsp?cscat=BLTNDETAIL&id=909609","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-10T19:27:56Z/"}],"url":"http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=909609"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html","reference_id":"msg00002.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-10T19:27:56Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/6994.txt","reference_id":"OSVDB-49520;CVE-2008-2992","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/6994.txt"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/7006.txt","reference_id":"OSVDB-49520;CVE-2008-2992","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/7006.txt"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0974","reference_id":"RHSA-2008:0974","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0974"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2008-0974.html","reference_id":"RHSA-2008-0974.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-10T19:27:56Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2008-0974.html"},{"reference_url":"http://www.us-cert.gov/cas/techalerts/TA08-309A.html","reference_id":"TA08-309A.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-10T19:27:56Z/"}],"url":"http://www.us-cert.gov/cas/techalerts/TA08-309A.html"},{"reference_url":"http://www.securityfocus.com/archive/1/498027/100/0/threaded","reference_id":"threaded","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-10T19:27:56Z/"}],"url":"http://www.securityfocus.com/archive/1/498027/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/498032/100/0/threaded","reference_id":"threaded","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-10T19:27:56Z/"}],"url":"http://www.securityfocus.com/archive/1/498032/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/498055/100/0/threaded","reference_id":"threaded","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-10T19:27:56Z/"}],"url":"http://www.securityfocus.com/archive/1/498055/100/0/threaded"},{"reference_url":"http://www.zerodayinitiative.com/advisories/ZDI-08-072/","reference_id":"ZDI-08-072","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-10T19:27:56Z/"}],"url":"http://www.zerodayinitiative.com/advisories/ZDI-08-072/"}],"weaknesses":[],"exploits":[{"date_added":null,"description":"This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional\n          < 8.1.3. By creating a specially crafted pdf that a contains malformed util.printf()\n          entry, an attacker may be able to execute arbitrary code.","required_action":null,"due_date":null,"notes":"Reliability:\n  - unknown-reliability\nStability:\n  - unknown-stability\nSideEffects:\n  - unknown-side-effects\n","known_ransomware_campaign_use":false,"source_date_published":"2008-02-08","exploit_type":null,"platform":"Windows","source_date_updated":null,"data_source":"Metasploit","source_url":"https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/windows/fileformat/adobe_utilprintf.rb"},{"date_added":"2008-11-04","description":"Adobe Reader - 'util.printf()' JavaScript Function Stack Overflow (2)","required_action":null,"due_date":null,"notes":null,"known_ransomware_campaign_use":true,"source_date_published":"2008-11-05","exploit_type":"local","platform":"windows","source_date_updated":null,"data_source":"Exploit-DB","source_url":""},{"date_added":"2022-03-03","description":"Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution.","required_action":"Apply updates per vendor instructions.","due_date":"2022-03-24","notes":"https://nvd.nist.gov/vuln/detail/CVE-2008-2992","known_ransomware_campaign_use":true,"source_date_published":null,"exploit_type":null,"platform":null,"source_date_updated":null,"data_source":"KEV","source_url":null}],"severity_range_score":"7.8 - 7.8","exploitability":"2.0","weighted_severity":"7.0","risk_score":10.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qvut-4qwc-j7bs"}