CVE-2009-2993 Information
Description
The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4 8.x before 8.1.7 and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods which allows remote attackers to create arbitrary files and possibly execute arbitrary code via the cPath parameter in a crafted PDF file. NOTE: some of these details are obtained from third party information.
Reference
http://securitytracker.com/id?1023007 http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.kb.cert.org/vuls/id/257117 http://www.securityfocus.com/bid/36638 http://www.securityfocus.com/bid/36664 http://www.us-cert.gov/cas/techalerts/TA09-286B.html http://www.vupen.com/english/advisories/2009/2898 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A5822
Share on: