CVE-2008-5331 - Vulnerability Details - OpenCVE

Adobe Acrobat 9 uses more efficient encryption than previous versions, which makes it easier for attackers to guess a document's password via a brute-force attack.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00781.

Key SSVC decision points have not yet been added.

Vendors	Products
Adobe	Acrobat

Configuration 1 [-]

OR	cpe:2.3:a:adobe:acrobat:9:::::::*
	cpe:2.3:a:adobe:acrobat:9.0::professional:::::
	cpe:2.3:a:adobe:acrobat:9.0::standard:::::

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2008-5308	Adobe Acrobat 9 uses more efficient encryption than previous versions, which makes it easier for attackers to guess a document's password via a brute-force attack.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://blogs.adobe.com/security/2008/12/acrobat_9_and_password_encrypt.html
http://www.elcomsoft.com/PR/apdfpr_081126_en.pdf
http://www.securityfocus.com/bid/32610
https://www.cve.org/CVERecord?id=CVE-2008-5331

History

Wed, 28 May 2025 14:45:00 +0000

Type	Values Removed	Values Added
References		https://www.cve.org/CVERecord?id=CVE-2008-5331

Thu, 22 May 2025 04:30:00 +0000

Type	Values Removed	Values Added
References	https://nvd.nist.gov/vuln/detail/CVE-2008-5331 https://www.cve.org/CVERecord?id=CVE-2008-5331

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-12-05T00:00:00Z

Updated: 2024-09-17T00:42:12.471Z

Reserved: 2008-12-04T00:00:00Z

Link: CVE-2008-5331

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-12-05T00:30:00.440

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-5331

Redhat

Severity : Moderate

Publid Date: 2008-12-01T00:00:00Z

Links: CVE-2008-5331 - Bugzilla

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Adobe Acrobat 9 uses more efficient encryption than previous versions, which makes it easier for attackers to guess a document's password via a brute-force attack."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2008-12-05T00:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.elcomsoft.com/PR/apdfpr_081126_en.pdf"}, {"name": "32610", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/32610"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://blogs.adobe.com/security/2008/12/acrobat_9_and_password_encrypt.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5331", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Adobe Acrobat 9 uses more efficient encryption than previous versions, which makes it easier for attackers to guess a document's password via a brute-force attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.elcomsoft.com/PR/apdfpr_081126_en.pdf", "refsource": "MISC", "url": "http://www.elcomsoft.com/PR/apdfpr_081126_en.pdf"}, {"name": "32610", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32610"}, {"name": "http://blogs.adobe.com/security/2008/12/acrobat_9_and_password_encrypt.html", "refsource": "CONFIRM", "url": "http://blogs.adobe.com/security/2008/12/acrobat_9_and_password_encrypt.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:49:12.228Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.elcomsoft.com/PR/apdfpr_081126_en.pdf"}, {"name": "32610", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/32610"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://blogs.adobe.com/security/2008/12/acrobat_9_and_password_encrypt.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5331", "datePublished": "2008-12-05T00:00:00Z", "dateReserved": "2008-12-04T00:00:00Z", "dateUpdated": "2024-09-17T00:42:12.471Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:acrobat:9:*:*:*:*:*:*:*", "matchCriteriaId": "37AF9870-B9F0-42D2-B2D1-4A7E569A4C73", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:9.0:*:professional:*:*:*:*:*", "matchCriteriaId": "72CF5F4B-C1D4-4117-A379-14F38B4CAEFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:9.0:*:standard:*:*:*:*:*", "matchCriteriaId": "74B6AF0A-DBEA-4EBD-A528-80AE31386375", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Adobe Acrobat 9 uses more efficient encryption than previous versions, which makes it easier for attackers to guess a document's password via a brute-force attack."}, {"lang": "es", "value": "Adobe Acrobat v9 utiliza un cifrado mas eficiente que en anteriores versiones, lo que permite a atacantes averiguar la contrase\u00f1a de un documento mas f\u00e1cilmente a trav\u00e9s de un ataque de fuerza bruta."}], "id": "CVE-2008-5331", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-12-05T00:30:00.440", "references": [{"source": "cve@mitre.org", "url": "http://blogs.adobe.com/security/2008/12/acrobat_9_and_password_encrypt.html"}, {"source": "cve@mitre.org", "url": "http://www.elcomsoft.com/PR/apdfpr_081126_en.pdf"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/32610"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blogs.adobe.com/security/2008/12/acrobat_9_and_password_encrypt.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.elcomsoft.com/PR/apdfpr_081126_en.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/32610"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}