| 概要 | The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows remote attackers to create arbitrary files, and possibly execute arbitrary code, via the cPath parameter in a crafted PDF file. NOTE: some of these details are obtained from third party information. |
|---|---|
| 概要 | Per: http://www.adobe.com/support/security/bulletins/apsb09-15.html Critical vulnerabilities have been identified in Adobe Reader 9.1.3 and Acrobat 9.1.3, Adobe Reader 8.1.6 and Acrobat 8.1.6 for Windows, Macintosh and UNIX, and Adobe Reader 7.1.3 and Acrobat 7.1.3 for Windows and Macintosh. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system. This update represents the second quarterly security update for Adobe Reader and Acrobat. Adobe recommends users of Adobe Reader 9.1.3 and Acrobat 9.1.3 and earlier versions update to Adobe Reader 9.2 and Acrobat 9.2. Adobe recommends users of Acrobat 8.1.6 and earlier versions update to Acrobat 8.1.7, and users of Acrobat 7.1.3 and earlier versions update to Acrobat 7.1.4. For Adobe Reader users who cannot update to Adobe Reader 9.2, Adobe has provided the Adobe Reader 8.1.7 and Adobe Reader 7.1.4 updates. Updates apply to all platforms: Windows, Macintosh and UNIX. Adobe Reader 9.1.3 and earlier versions for Windows, Macintosh, and UNIX |
| 概要 | Per: http://www.adobe.com/support/security/bulletins/apsb09-15.html Solution Adobe Reader Adobe Reader users on Windows can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows. Adobe Reader users on Macintosh can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh. Adobe Reader users on UNIX can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Unix. Acrobat Acrobat Standard and Pro users on Windows can find the appropriate update here: Acrobat Pro Extended users on Windows can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows Acrobat 3D users on Windows can find the appropriate update here: Acrobat Pro users on Macintosh can find the appropriate update here: |
| 公表日 | 2009年10月20日7:30 |
| 登録日 | 2021年1月29日13:22 |
| 最終更新日 | 2018年10月31日1:25 |
| CVSS2.0 : HIGH | |
| スコア | 9.3 |
|---|---|
| ベクター | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| 攻撃元区分(AV) | ネットワーク |
| 攻撃条件の複雑さ(AC) | 中 |
| 攻撃前の認証要否(Au) | 不要 |
| 機密性への影響(C) | 高 |
| 完全性への影響(I) | 高 |
| 可用性への影響(A) | 高 |
| 全ての特権を取得 | いいえ |
| ユーザー権限を取得 | いいえ |
| その他の権限を取得 | いいえ |
| ユーザー操作が必要 | はい |
| 構成1 | 以上 | 以下 | より上 | 未満 | |
| cpe:2.3:a:adobe:acrobat:7.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat:7.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat:7.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat:7.0.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat:7.0.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat:7.0.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat:7.0.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat:7.0.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat:7.0.8:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat:7.0.9:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat:7.1.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat:7.1.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat:7.1.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:* | 9.1.3 | ||||
| 構成2 | 以上 | 以下 | より上 | 未満 | |
| cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat_reader:7.0.9:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat_reader:7.1.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat_reader:7.1.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat_reader:7.1.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat_reader:8.1.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:* | 9.1.3 | ||||