[Forgot Password]
Login  Register Subscribe

24003

 
 

131423

 
 

103942

 
 

909

 
 

83962

 
 

133

Paid content will be excluded from the download.


Download | Alert*
OVAL

Adobe Reader and Acrobat cause Multiple Vulnerabilities

ID: oval:org.mitre.oval:def:5822Date: (C)2009-10-23   (M)2018-03-27
Class: VULNERABILITYFamily: windows




The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows remote attackers to create arbitrary files, and possibly execute arbitrary code, via the cPath parameter in a crafted PDF file. NOTE: some of these details are obtained from third party information.

Platform:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 10
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 8.1
Product:
Adobe Reader
Adobe Acrobat
Reference:
CVE-2009-2993
CVE    1
CVE-2009-2993
CPE    30
cpe:/a:adobe:acrobat:7.1.3
cpe:/a:adobe:acrobat:9.1.3
cpe:/a:adobe:acrobat:9.1.2
cpe:/a:adobe:acrobat:9.1.1
...

© 2013 SecPod Technologies