Lucene search

K

[email protected]NVD:CVE-2010-1239

HistoryApr 05, 2010 - 3:30 p.m.

CVE-2010-1239

2010-04-0515:30:01

CWE-94

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.067 Low

EPSS

Percentile

93.9%

Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute arbitrary local programs via a certain “/Type /Action /S /Launch” sequence, and (2) execute arbitrary programs embedded in a PDF document via an unspecified “/Launch /Action” sequence, a related issue to CVE-2009-0836.

Affected configurations

NVD

Node

foxitsoftwarefoxit_readerRange≤3.2.0.0303

OR

foxitsoftwarefoxit_readerMatch2.3

OR

foxitsoftwarefoxit_readerMatch3.0

OR

foxitsoftwarefoxit_readerMatch3.1.0.0824

OR

foxitsoftwarefoxit_readerMatch3.1.1.0901

OR

foxitsoftwarefoxit_readerMatch3.1.1.0928

OR

foxitsoftwarefoxit_readerMatch3.1.3.1030

References

blog.didierstevens.com/2010/03/29/escape-from-pdf/

blog.didierstevens.com/2010/03/31/escape-from-foxit-reader/

www.f-secure.com/weblog/archives/00001923.html

www.foxitsoftware.com/announcements/2010420408.html

www.foxitsoftware.com/pdf/reader/security.htm#0401

www.kb.cert.org/vuls/id/570177

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.067 Low

EPSS

Percentile

93.9%

Related for NVD:CVE-2010-1239

cvelist2 prion2 cve2 openvas4 nessus2 canvas1 nvd1 checkpoint_advisories1 coresecurity1 seebug1