PT-2009-5333 · Adobe · Reader+1
Richard Van Eeden
·
Publicado
2009-10-19
·
Atualizado
2018-10-30
·
CVE-2009-2993
CVSS v2.0
9.3
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Adobe Reader and Acrobat versions 7.x through 7.1.3
Adobe Reader and Acrobat versions 8.x through 8.1.6
Adobe Reader and Acrobat versions 9.x through 9.1
Description:
The issue concerns the JavaScript for Acrobat API, which does not properly implement certain restrictions for unspecified JavaScript methods. This allows remote attackers to create arbitrary files, and possibly execute arbitrary code, via the
cPath parameter in a crafted PDF file.Recommendations:
For Adobe Reader and Acrobat versions 7.x through 7.1.3, update to version 7.1.4 or later.
For Adobe Reader and Acrobat versions 8.x through 8.1.6, update to version 8.1.7 or later.
For Adobe Reader and Acrobat versions 9.x through 9.1, update to version 9.2 or later.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Acrobat
Reader