NVD

Id
12772  
Name
CVE-2010-1240  
Description
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message.  
Reject
 
CVSS Version
2  
CVSS Score
9.3  
Severity
High  
CVSS Base Score
9.3  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-18  
Published
2010-04-05  
Modified Date
2012-11-05  
Seq
2010-1240  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
70382 12772 CVE-2010-1240 http://blog.didierstevens.com/2010/03/29/escape-from-pdf/  View
70383 12772 CVE-2010-1240 http://blog.didierstevens.com/2010/06/29/quickpost-no-escape-from-pdf/  View
70384 12772 CVE-2010-1240 [dailydave] 20100401 0day, it may not be  View
70385 12772 CVE-2010-1240 oval:org.mitre.oval:def:7466  View
70386 12772 CVE-2010-1240 http://www.adobe.com/support/security/bulletins/apsb10-15.html  View
70387 12772 CVE-2010-1240 1024159  View
70388 12772 CVE-2010-1240 TA10-231A  View
70389 12772 CVE-2010-1240 ADV-2010-1636  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
35923 JVNDB-2010-001703 Adobe Reader および Acrobat における任意のローカルプログラムを実行させられる脆弱性 Adobe Reader および Acrobat には、Launch ファイルの警告ダイアログ内にある、テキストフィールドのコンテンツを制限しないため、ユーザが PDF ドキュメント内の任意のローカルプログラムを実行させられる脆弱性が存在します。 CVE-2010-1240 43820 CVE-2010-1240 12772 9.3 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001703.html 2010-04-05 2010-09-01 View