Lucene search

[email protected]NVD:CVE-2009-2993

HistoryOct 19, 2009 - 10:30 p.m.

CVE-2009-2993

2009-10-1922:30:00

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.297

Percentile

97.0%

JSON

The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows remote attackers to create arbitrary files, and possibly execute arbitrary code, via the cPath parameter in a crafted PDF file. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

adobeacrobatRange≤9.1.3

adobeacrobatMatch7.0

adobeacrobatMatch7.0.1

adobeacrobatMatch7.0.2

adobeacrobatMatch7.0.3

adobeacrobatMatch7.0.4

adobeacrobatMatch7.0.5

adobeacrobatMatch7.0.6

adobeacrobatMatch7.0.7

adobeacrobatMatch7.0.8

adobeacrobatMatch7.0.9

adobeacrobatMatch7.1.0

adobeacrobatMatch7.1.1

adobeacrobatMatch7.1.3

adobeacrobatMatch8.0

adobeacrobatMatch8.1

adobeacrobatMatch8.1.1

adobeacrobatMatch8.1.2

adobeacrobatMatch8.1.3

adobeacrobatMatch8.1.4

adobeacrobatMatch8.1.6

adobeacrobatMatch9.0

adobeacrobatMatch9.1.1

adobeacrobatMatch9.1.2

Node

adobeacrobat_readerRange≤9.1.3

adobeacrobat_readerMatch7.0

adobeacrobat_readerMatch7.0.1

adobeacrobat_readerMatch7.0.2

adobeacrobat_readerMatch7.0.3

adobeacrobat_readerMatch7.0.4

adobeacrobat_readerMatch7.0.5

adobeacrobat_readerMatch7.0.6

adobeacrobat_readerMatch7.0.7

adobeacrobat_readerMatch7.0.8

adobeacrobat_readerMatch7.0.9

adobeacrobat_readerMatch7.1.0

adobeacrobat_readerMatch7.1.1

adobeacrobat_readerMatch7.1.3

adobeacrobat_readerMatch8.0

adobeacrobat_readerMatch8.1

adobeacrobat_readerMatch8.1.1

adobeacrobat_readerMatch8.1.2

adobeacrobat_readerMatch8.1.3

adobeacrobat_readerMatch8.1.4

adobeacrobat_readerMatch8.1.5

adobeacrobat_readerMatch8.1.6

adobeacrobat_readerMatch9.0

adobeacrobat_readerMatch9.1

adobeacrobat_readerMatch9.1.1

adobeacrobat_readerMatch9.1.2

References

securitytracker.com/id?1023007

www.adobe.com/support/security/bulletins/apsb09-15.html

www.kb.cert.org/vuls/id/257117

www.securityfocus.com/bid/36638

www.securityfocus.com/bid/36664

www.us-cert.gov/cas/techalerts/TA09-286B.html

www.vupen.com/english/advisories/2009/2898

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5822

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.297

Percentile

97.0%

JSON

Related for NVD:CVE-2009-2993

prion1 cvelist1 ubuntucve1 cve1 checkpoint_advisories1 cert1 openvas8 redhat1 nessus13 seebug1 gentoo1 suse1