[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

114411

 
 

909

 
 

88812

 
 

136

Paid content will be excluded from the download.


Download | Alert*
OVAL

Adobe Reader and Acrobat cause Multiple Vulnerabilities

ID: oval:org.mitre.oval:def:5822Date: (C)2009-10-23   (M)2018-06-09
Class: VULNERABILITYFamily: windows




The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows remote attackers to create arbitrary files, and possibly execute arbitrary code, via the cPath parameter in a crafted PDF file. NOTE: some of these details are obtained from third party information.

Platform:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 10
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 8.1
Product:
Adobe Reader
Adobe Acrobat
Reference:
CVE-2009-2993
CVE    1
CVE-2009-2993
CPE    30
cpe:/a:adobe:acrobat:7:::x86
cpe:/a:adobe:reader:7:::x86
cpe:/a:adobe:acrobat:7.0.1
cpe:/a:adobe:acrobat:7.1.0
...

© SecPod Technologies