10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.137 Low
EPSS
Percentile
95.7%
An iDEFENSE security advisory reports:
Remote exploitation of an input validation error in the
uudecoding feature of Adobe Acrobat Reader (Unix) 5.0
allows an attacker to execute arbitrary code.
The Unix and Linux versions of Adobe Acrobat Reader 5.0
automatically attempt to convert uuencoded documents
back into their original format. The vulnerability
specifically exists in the failure of Acrobat Reader to
check for the backtick shell metacharacter in the filename
before executing a command with a shell. This allows a
maliciously constructed filename to execute arbitrary
programs.