|
1 | | -[id] |
2 | | -ave_id = "AVE-2008-0003" |
3 | | -cve_id = "CVE-2008-2992" |
4 | | -aliases = ["CVE-2008-2992"] |
5 | | - |
6 | 1 | [basic] |
7 | | -title = "Adobe Acrobat/Reader util.printf JavaScript 函数栈缓冲区溢出漏洞" |
8 | | -description = "Adobe Acrobat 和 Reader 8.1.2 及之前版本中存在栈缓冲区溢出漏洞(CWE-119/CWE-787)。该漏洞源于 util.printf JavaScript 函数在处理特制格式字符串参数时存在输入验证缺陷,攻击者可通过构造恶意 PDF 文件并诱导用户打开,触发栈缓冲区溢出,最终实现远程代码执行。该漏洞已被 CISA 列入已知被利用漏洞目录(KEV),影响范围广泛。" |
9 | | -severity = "HIGH" |
10 | | -score = 7.8 |
11 | | -cvss_v3 = "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" |
12 | | -cvss_v2 = "(AV:N/AC:M/Au:N/C:C/I:C/A:C)" |
13 | | -cvss_v2_score = 9.3 |
14 | | -published = "2008-11-04" |
15 | | -updated = "2025-02-10" |
16 | | -sources = ["nvd", "kev", "exploit-db"] |
17 | | -remediation = "升级 Adobe Acrobat 或 Reader 至 8.1.3 及以上版本,参照 APSB08-19 安全公告安装官方补丁。若无法立即升级,建议禁用浏览器中的 PDF 插件或使用替代 PDF 阅读器。" |
18 | | - |
19 | | -[affected] |
20 | | -vendor = "Adobe" |
21 | | -product = "Acrobat and Reader" |
22 | | - |
23 | | -[references] |
24 | | -urls = [ |
25 | | - "https://nvd.nist.gov/vuln/detail/CVE-2008-2992", |
26 | | - "http://www.adobe.com/support/security/bulletins/apsb08-19.html", |
27 | | - "http://www.coresecurity.com/content/adobe-reader-buffer-overflow", |
28 | | - "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2008-2992", |
29 | | - "http://www.securityfocus.com/bid/30035", |
30 | | - "http://www.zerodayinitiative.com/advisories/ZDI-08-072/", |
31 | | - "http://www.kb.cert.org/vuls/id/593409" |
32 | | -] |
| 2 | +description = "" |
| 3 | +published = "" |
| 4 | +remediation = "Refer to vendor advisory and upgrade to fixed version." |
| 5 | +score = 0.0 |
| 6 | +severity = "UNKNOWN" |
| 7 | +sources = ["kev"] |
| 8 | +title = "CVE-2008-2992 漏洞" |
| 9 | +updated = "" |
33 | 10 |
|
34 | 11 | [exploit] |
35 | | -poc_urls = [ |
36 | | - "https://www.exploit-db.com/exploits/6994", |
37 | | - "https://www.exploit-db.com/exploits/7006" |
38 | | -] |
39 | | -exp_urls = [ |
40 | | - "https://www.exploit-db.com/exploits/7006" |
41 | | -] |
42 | | -nuclei_templates = [] |
| 12 | +exp_urls = [] |
| 13 | +poc_urls = [] |
| 14 | + |
| 15 | +[id] |
| 16 | +aliases = ["CVE-2008-2992"] |
| 17 | +ave_id = "AVE-2008-0003" |
| 18 | +cve_id = "CVE-2008-2992" |
43 | 19 |
|
44 | 20 | [meta] |
| 21 | +collected_at = "2026-07-10T22:44:36.492552111+00:00" |
45 | 22 | status = "completed" |
46 | | -collected_at = "2026-07-10T12:52:03.177870032Z" |
47 | | -authenticity = { confidence = "high", evidence = "CISA KEV confirmed active exploitation, public PoC/EXP available" } |
| 23 | + |
| 24 | +[references] |
| 25 | +urls = [] |
0 commit comments