CVE-2010-1239
Adobe Reader - Escape From '.PDF' Execute Embedded Executable
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute arbitrary local programs via a certain "/Type /Action /S /Launch" sequence, and (2) execute arbitrary programs embedded in a PDF document via an unspecified "/Launch /Action" sequence, a related issue to CVE-2009-0836.
Foxit Reader anterior a v3.2.1.0401 permite a atacantes remotos (1) ejecutar programas locales de su elección a través de determinadas secuencias "/Type /Action /S /Launch" y (2) ejecutar programas de su elección embebidos en un documento PDF a través de secuencias "/Launch /Action" no especificadas. Relacionado con el CVE-2009-0836.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-03-31 First Exploit
- 2010-04-05 CVE Reserved
- 2010-04-05 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.f-secure.com/weblog/archives/00001923.html | X_refsource_misc |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/11987 | 2010-03-31 | |
| http://blog.didierstevens.com/2010/03/29/escape-from-pdf | 2024-09-16 | |
| http://blog.didierstevens.com/2010/03/31/escape-from-foxit-reader | 2024-09-16 |
| URL | Date | SRC |
|---|---|---|
| http://www.foxitsoftware.com/announcements/2010420408.html | 2010-04-06 | |
| http://www.foxitsoftware.com/pdf/reader/security.htm#0401 | 2010-04-06 | |
| http://www.kb.cert.org/vuls/id/570177 | 2010-04-06 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Foxitsoftware Search vendor "Foxitsoftware" | Foxit Reader Search vendor "Foxitsoftware" for product "Foxit Reader" | <= 3.2.0.0303 Search vendor "Foxitsoftware" for product "Foxit Reader" and version " <= 3.2.0.0303" | - |
Affected
| ||||||
| Foxitsoftware Search vendor "Foxitsoftware" | Foxit Reader Search vendor "Foxitsoftware" for product "Foxit Reader" | 2.3 Search vendor "Foxitsoftware" for product "Foxit Reader" and version "2.3" | - |
Affected
| ||||||
| Foxitsoftware Search vendor "Foxitsoftware" | Foxit Reader Search vendor "Foxitsoftware" for product "Foxit Reader" | 3.0 Search vendor "Foxitsoftware" for product "Foxit Reader" and version "3.0" | - |
Affected
| ||||||
| Foxitsoftware Search vendor "Foxitsoftware" | Foxit Reader Search vendor "Foxitsoftware" for product "Foxit Reader" | 3.1.0.0824 Search vendor "Foxitsoftware" for product "Foxit Reader" and version "3.1.0.0824" | - |
Affected
| ||||||
| Foxitsoftware Search vendor "Foxitsoftware" | Foxit Reader Search vendor "Foxitsoftware" for product "Foxit Reader" | 3.1.1.0901 Search vendor "Foxitsoftware" for product "Foxit Reader" and version "3.1.1.0901" | - |
Affected
| ||||||
| Foxitsoftware Search vendor "Foxitsoftware" | Foxit Reader Search vendor "Foxitsoftware" for product "Foxit Reader" | 3.1.1.0928 Search vendor "Foxitsoftware" for product "Foxit Reader" and version "3.1.1.0928" | - |
Affected
| ||||||
| Foxitsoftware Search vendor "Foxitsoftware" | Foxit Reader Search vendor "Foxitsoftware" for product "Foxit Reader" | 3.1.3.1030 Search vendor "Foxitsoftware" for product "Foxit Reader" and version "3.1.3.1030" | - |
Affected
| ||||||