Cyber Resilience

CVE-2008-0655

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoC

Published: 07 February 2008

Published
07 February 2008
Modified
21 April 2026
KEV Added
08 June 2022
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.6729 98.6th percentile
Risk Priority 78 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2008-0655 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Adobe Acrobat. Its CVSS base score is 8.8 (High).

Operationally, ranked in the top 1.4% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2008-0655 affects Adobe Reader and Acrobat versions prior to 8.1.2 and consists of multiple unspecified vulnerabilities that carry unknown impact and attack vectors. The issue is assigned CWE-200 and receives a CVSS 3.1 base score of 8.8, reflecting network attack reachability, low complexity, no required privileges, and required user interaction that can still result in complete loss of confidentiality, integrity, and availability.

An attacker positioned on the network can supply malicious input that triggers the flaws once a user opens or interacts with a crafted document, potentially allowing arbitrary code execution or information disclosure within the affected Adobe applications.

Advisories and vendor references, including Adobe’s release notes for Reader 8.1.2 and corresponding Secunia and distribution security announcements, indicate that upgrading to version 8.1.2 or later eliminates the vulnerabilities.

No information on observed in-the-wild exploitation is supplied in the source references.

EU & UK References

Vulnerability details

Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors.

CWE(s)
KEV Date Added
08 June 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

adobe
acrobat
≤ 8.1.2
adobe
acrobat reader
≤ 8.1.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely identification and installation of vendor patches that eliminate the unspecified flaws in Adobe Reader/Acrobat < 8.1.2.

prevent

Enforces configuration settings that mandate only approved, patched versions of Acrobat/Reader are installed and executed.

prevent

Restricts installation or execution of the vulnerable Adobe application to only those systems where it is explicitly required, reducing attack surface.

References