Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2009-2993 | First vendor Publication | 2009-10-19 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows remote attackers to create arbitrary files, and possibly execute arbitrary code, via the cPath parameter in a crafted PDF file. NOTE: some of these details are obtained from third party information. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2993 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:5822 | |||
| Oval ID: | oval:org.mitre.oval:def:5822 | ||
| Title: | Adobe Reader and Acrobat cause Multiple Vulnerabilities | ||
| Description: | The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows remote attackers to create arbitrary files, and possibly execute arbitrary code, via the cPath parameter in a crafted PDF file. NOTE: some of these details are obtained from third party information. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-2993 | Version: | 16 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-10-27 | Name : Gentoo Security Advisory GLSA 200910-03 (acroread) File : nvt/glsa_200910_03.nasl |
| 2009-10-27 | Name : SuSE Security Advisory SUSE-SA:2009:049 (acroread, acroread_ja) File : nvt/suse_sa_2009_049.nasl |
| 2009-10-22 | Name : Adobe Reader Multiple Vulnerabilities - Oct09 (Linux) File : nvt/gb_adobe_prdts_mult_vuln_oct09_lin.nasl |
| 2009-10-22 | Name : Adobe Reader/Acrobat Multiple Vulnerabilities - Oct09 (Win) File : nvt/gb_adobe_prdts_mult_vuln_oct09_win.nasl |
| 2009-10-19 | Name : RedHat Security Advisory RHSA-2009:1499 File : nvt/RHSA_2009_1499.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 58908 | Adobe Reader / Acrobat Multiple Unspecified Validation Weakness Arbitrary Cod... |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Adobe Acrobat Reader doc.export arbitrary file write attempt RuleID : 16324 - Revision : 12 - Type : FILE-PDF |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread-6582.nasl - Type : ACT_GATHER_INFO |
| 2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread-6583.nasl - Type : ACT_GATHER_INFO |
| 2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread_ja-6584.nasl - Type : ACT_GATHER_INFO |
| 2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread_ja-6585.nasl - Type : ACT_GATHER_INFO |
| 2009-10-30 | Name : The remote openSUSE host is missing a security update. File : suse_acroread-6588.nasl - Type : ACT_GATHER_INFO |
| 2009-10-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200910-03.nasl - Type : ACT_GATHER_INFO |
| 2009-10-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_acroread-091022.nasl - Type : ACT_GATHER_INFO |
| 2009-10-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_acroread-091022.nasl - Type : ACT_GATHER_INFO |
| 2009-10-26 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_acroread-091022.nasl - Type : ACT_GATHER_INFO |
| 2009-10-26 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_acroread_ja-091022.nasl - Type : ACT_GATHER_INFO |
| 2009-10-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1499.nasl - Type : ACT_GATHER_INFO |
| 2009-10-14 | Name : The version of Adobe Acrobat on the remote Windows host is affected by multip... File : adobe_acrobat_apsb09-15.nasl - Type : ACT_GATHER_INFO |
| 2009-10-14 | Name : The PDF file viewer on the remote Windows host is affected by a memory corrup... File : adobe_reader_apsb09-15.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:10:09 |
|
| 2024-11-28 12:19:43 |
|
| 2024-10-12 01:11:50 |
|
| 2024-09-06 01:11:25 |
|
| 2024-07-20 01:10:55 |
|
| 2022-10-19 01:08:55 |
|
| 2021-05-04 12:10:01 |
|
| 2021-04-22 01:10:24 |
|
| 2020-05-23 01:40:48 |
|
| 2020-05-23 00:24:14 |
|
| 2018-11-30 12:02:55 |
|
| 2018-10-31 00:19:58 |
|
| 2017-09-19 09:23:22 |
|
| 2016-06-28 17:48:41 |
|
| 2016-04-26 19:04:18 |
|
| 2014-02-17 10:51:25 |
|
| 2014-01-19 21:26:08 |
|
| 2013-05-10 23:56:15 |
|
