CVE-2007-5020

EXPLOITED

Adobe Acrobat and Reader 8.1 - Remote Code Execution via Crafted PDF File

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2007-5020 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted PDF file, related to the mailto: option and Internet Explorer 7 on Windows XP. NOTE: this information is based upon a vague pre-advisory by a reliable researcher.

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36722
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/480080/100/0/threaded
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3392
Various Sources x_refsource_misc
http://www.gnucitizen.org/blog/0day-pdf-pwns-windows
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA07-297B.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1018723
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25748

Scores

EPSS 0.2097
EPSS Percentile 97.3%

Details

VulnCheck KEV 2007-10-26
CWE
CWE-94
Status published
Products (2)
adobe/acrobat 8.1
adobe/acrobat_reader 8.1
Published Sep 21, 2007
Tracked Since Feb 18, 2026