CVE-2010-1239

Опубликовано: 05 апр. 2010

Источник: nvd

CVSS2: 9.3

EPSS Низкий

Описание

Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute arbitrary local programs via a certain "/Type /Action /S /Launch" sequence, and (2) execute arbitrary programs embedded in a PDF document via an unspecified "/Launch /Action" sequence, a related issue to CVE-2009-0836.

Ссылки

http://blog.didierstevens.com/2010/03/29/escape-from-pdf/
Exploit
http://blog.didierstevens.com/2010/03/31/escape-from-foxit-reader/
Exploit
http://www.f-secure.com/weblog/archives/00001923.html
http://www.foxitsoftware.com/announcements/2010420408.html
Patch
Vendor Advisory
http://www.foxitsoftware.com/pdf/reader/security.htm#0401
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/570177
Patch
US Government Resource
http://blog.didierstevens.com/2010/03/29/escape-from-pdf/
Exploit
http://blog.didierstevens.com/2010/03/31/escape-from-foxit-reader/
Exploit
http://www.f-secure.com/weblog/archives/00001923.html
http://www.foxitsoftware.com/announcements/2010420408.html
Patch
Vendor Advisory
http://www.foxitsoftware.com/pdf/reader/security.htm#0401
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/570177
Patch
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:foxitsoftware:foxit_reader:*:*:*:*:*:*:*:*

Версия до 3.2.0.0303 (включая)

cpe:2.3:a:foxitsoftware:foxit_reader:2.3:*:*:*:*:*:*:*

cpe:2.3:a:foxitsoftware:foxit_reader:3.0:*:*:*:*:*:*:*

cpe:2.3:a:foxitsoftware:foxit_reader:3.1.0.0824:*:*:*:*:*:*:*

cpe:2.3:a:foxitsoftware:foxit_reader:3.1.1.0901:*:*:*:*:*:*:*

cpe:2.3:a:foxitsoftware:foxit_reader:3.1.1.0928:*:*:*:*:*:*:*

cpe:2.3:a:foxitsoftware:foxit_reader:3.1.3.1030:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04996

Низкий

9.3 Critical

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-54xc-2c9p-qfwj

github

почти 4 года назад