[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99602

 
 

909

 
 

80198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2009-2993

Date: (C)2009-10-19   (M)2017-12-09 


The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows remote attackers to create arbitrary files, and possibly execute arbitrary code, via the cPath parameter in a crafted PDF file. NOTE: some of these details are obtained from third party information.

CVSS Score: 9.3Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE





Reference:
SECTRACK-1023007
BID-36638
BID-36664
ADV-2009-2898
TA09-286B
VU#257117
http://www.adobe.com/support/security/bulletins/apsb09-15.html

CPE    48
cpe:/a:adobe:acrobat_reader:8.1.3
cpe:/a:adobe:acrobat_reader:8.1.5
cpe:/a:adobe:acrobat_reader:8.1.4
cpe:/a:adobe:acrobat_reader:8.1.6
...
CWE    1
CWE-20
OVAL    4
oval:org.secpod.oval:def:18668
oval:org.mitre.oval:def:5822
oval:org.secpod.oval:def:18679
oval:org.secpod.oval:def:400086
...

© 2013 SecPod Technologies