CVE-2008-5409

Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Free Edition 10 and Antivirus Standard 10, (2) BullGuard Internet Security 8.5, and (3) Software602 Groupware Server 6.0.08.1118 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, possibly related to included compressed streams that were processed with the ASCIIHexDecode filter. NOTE: some of these details are obtained from third party information.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/32396	Exploit
http://secunia.com/advisories/32789	Vendor Advisory
http://secunia.com/advisories/32814	Vendor Advisory
http://osvdb.org/50205
http://milw0rm.com/sploits/2008-BitDefenderDOS.zip
http://osvdb.org/50103
http://secunia.com/advisories/27805	Vendor Advisory
http://osvdb.org/50010
https://exchange.xforce.ibmcloud.com/vulnerabilities/46750
https://www.exploit-db.com/exploits/7178

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:software602:groupware_server:6.0.08.1118:::::::*
	cpe:2.3:a:bitdefender:antivirus:10:_nil_:standard:::::*
	cpe:2.3:a:bullguard:internet_security:8.5:::::::*
	cpe:2.3:a:bitdefender:bitdefender:10:_nil_:free_edition:::::*

Information

Published : 2008-12-09 22:44

Updated : 2017-10-18 18:30

NVD link : CVE-2008-5409

Mitre link : CVE-2008-5409

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

Products Affected

bullguard

internet_security

bitdefender

antivirus
bitdefender

software602

groupware_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/32396", "name": "32396", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/32789", "name": "32789", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/32814", "name": "32814", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://osvdb.org/50205", "name": "50205", "tags": [], "refsource": "OSVDB"}, {"url": "http://milw0rm.com/sploits/2008-BitDefenderDOS.zip", "name": "http://milw0rm.com/sploits/2008-BitDefenderDOS.zip", "tags": [], "refsource": "MISC"}, {"url": "http://osvdb.org/50103", "name": "50103", "tags": [], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/27805", "name": "27805", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://osvdb.org/50010", "name": "50010", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46750", "name": "bitdefender-pdf-dos(46750)", "tags": [], "refsource": "XF"}, {"url": "https://www.exploit-db.com/exploits/7178", "name": "7178", "tags": [], "refsource": "EXPLOIT-DB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Free Edition 10 and Antivirus Standard 10, (2) BullGuard Internet Security 8.5, and (3) Software602 Groupware Server 6.0.08.1118 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, possibly related to included compressed streams that were processed with the ASCIIHexDecode filter. NOTE: some of these details are obtained from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-5409", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2008-12-10T06:44Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:software602:groupware_server:6.0.08.1118:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bitdefender:antivirus:10:_nil_:standard:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bullguard:internet_security:8.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bitdefender:bitdefender:10:_nil_:free_edition:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-19T01:30Z"}