[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2009-2993

Date: (C)2009-10-19   (M)2017-09-22
 
CVSS Score: 9.3Access Vector: NETWORK
Exploitability Subscore: 8.6Access Complexity: MEDIUM
Impact Subscore: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE











The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows remote attackers to create arbitrary files, and possibly execute arbitrary code, via the cPath parameter in a crafted PDF file. NOTE: some of these details are obtained from third party information.

Reference:
SECTRACK-1023007
BID-36638
BID-36664
ADV-2009-2898
TA09-286B
VU#257117
http://www.adobe.com/support/security/bulletins/apsb09-15.html

CPE    48
cpe:/a:adobe:acrobat_reader:8.1.3
cpe:/a:adobe:acrobat_reader:9.1
cpe:/a:adobe:acrobat_reader:9.0
cpe:/a:adobe:acrobat:9.1.3
...
CWE    1
CWE-20
OVAL    4
oval:org.mitre.oval:def:5822
oval:org.secpod.oval:def:18668
oval:org.secpod.oval:def:18679
oval:org.secpod.oval:def:400086
...

© 2013 SecPod Technologies