CVE-2009-2993

2009-10-1900:00:00

ubuntu.com

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.297

Percentile

97.0%

JSON

The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before
7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the
(1) Privileged Context and (2) Safe Path restrictions for unspecified
JavaScript methods, which allows remote attackers to create arbitrary
files, and possibly execute arbitrary code, via the cPath parameter in a
crafted PDF file. NOTE: some of these details are obtained from third
party information.

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchacroread< 9.2-1UNKNOWN
ubuntu8.10noarchacroread< 9.2-1intrepid2UNKNOWN
ubuntu9.04noarchacroread< 9.2-1jaunty1UNKNOWN
ubuntu9.10noarchacroread< 9.2-1karmic1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	acroread	< 9.2-1	UNKNOWN
ubuntu	8.10	noarch	acroread	< 9.2-1intrepid2	UNKNOWN
ubuntu	9.04	noarch	acroread	< 9.2-1jaunty1	UNKNOWN
ubuntu	9.10	noarch	acroread	< 9.2-1karmic1	UNKNOWN