CVE-2007-5659

HIGH KEV

Adobe Acrobat and Reader < 8.1.2 - Remote Code Execution via Long JavaScript Method Arguments


Exploitation Summary

CVE-2007-5659 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 8, 2022. EIP tracks 3 public exploits, credited to Metasploit, Paul Craig, and MC, including the Metasploit module exploits/windows/fileformat/adobe_collectemailinfo.

AI-analyzed exploit summary: This exploit leverages a buffer overflow in Adobe Reader and Acrobat Professional 8.1.1 via a malformed Collab.collectEmailInfo() call in a crafted PDF. It uses JavaScript obfuscation and heap spraying to achieve remote code execution.

Description

Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · local · windows
https://www.exploit-db.com/exploits/16674

This exploit leverages a buffer overflow in Adobe Reader and Acrobat Professional 8.1.1 via a malformed Collab.collectEmailInfo() call in a crafted PDF. It uses JavaScript obfuscation and heap spraying to achieve remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Adobe Reader v8.1.1, Adobe Acrobat Professional v8.1.1
No auth needed
Prerequisites: Victim must open the malicious PDF file
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Paul Craig · text · dos · windows
https://www.exploit-db.com/exploits/31114

This exploit leverages a heap spray technique to trigger a buffer overflow in Adobe Acrobat/Reader via the `Collab.collectEmailInfo` method, allowing arbitrary code execution. The PoC uses a NOP sled (`%u9090`) and a placeholder shellcode (`%ucccc`).

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Adobe Acrobat and Reader < 8.1.2
No auth needed
Prerequisites: Victim must open a malicious PDF file · JavaScript must be enabled in Adobe Reader
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GOOD
by MC · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/adobe_collectemailinfo.rb

This Metasploit module exploits a buffer overflow in Adobe Reader/Acrobat 8.1.1 via a malformed Collab.collectEmailInfo() call in a crafted PDF. It generates a PDF with embedded JavaScript to trigger the vulnerability and execute arbitrary shellcode.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Adobe Reader and Adobe Acrobat Professional 8.1.1
No auth needed
Prerequisites: Victim must open the malicious PDF file
devstral-2 · analyzed Feb 16, 2026

References (14)

Core References
Broken Link, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA08-043A.html
Broken Link vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1966/references
Broken Link third-party-advisory x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=657
Broken Link vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200803-01.xml
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29065
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30840
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29205
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0144.html
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/666281

Scores

CVSS v3 7.8
EPSS 0.9287
EPSS Percentile 99.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2022-06-08
VulnCheck KEV 2009-03-20
InTheWild.io 2012-12-01
ENISA EUVD EUVD-2007-5631
CWE CWE-120
Status published
Products (2)
adobe/acrobat < 8.1.2
adobe/acrobat_reader < 8.1.2
Published Feb 12, 2008
KEV Added Jun 08, 2022
Tracked Since Feb 18, 2026