CVE-2010-1240 - OpenCVE

Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Adobe	Acrobat Reader
Microsoft	Windows

Configuration 1 [-]

AND

cpe:2.3:a:adobe:acrobat_reader:9.3.1:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

References

Link	Resource
http://blog.didierstevens.com/2010/03/29/escape-from-pdf/	Exploit
http://blog.didierstevens.com/2010/06/29/quickpost-no-escape-from-pdf/
http://lists.immunitysec.com/pipermail/dailydave/2010-April/006075.html
http://www.adobe.com/support/security/bulletins/apsb10-15.html
http://www.securitytracker.com/id?1024159
http://www.us-cert.gov/cas/techalerts/TA10-231A.html	US Government Resource
http://www.vupen.com/english/advisories/2010/1636
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7466

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2010-04-05T15:15:00

Updated: 2017-09-18T12:57:01

Reserved: 2010-04-05T00:00:00

Link: CVE-2010-1240

JSON object: View

NVD Information

Status : Modified

Published: 2010-04-05T15:30:01.313

Modified: 2017-09-19T01:30:38.207

Link: CVE-2010-1240

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-03-31T00:00:00", "descriptions": [{"lang": "en", "value": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2010-1636", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1636"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.didierstevens.com/2010/03/29/escape-from-pdf/"}, {"name": "TA10-231A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-231A.html"}, {"name": "1024159", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1024159"}, {"name": "[dailydave] 20100401 0day, it may not be", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.immunitysec.com/pipermail/dailydave/2010-April/006075.html"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.didierstevens.com/2010/06/29/quickpost-no-escape-from-pdf/"}, {"name": "oval:org.mitre.oval:def:7466", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7466"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-1240", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2010-1636", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1636"}, {"name": "http://www.adobe.com/support/security/bulletins/apsb10-15.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html"}, {"name": "http://blog.didierstevens.com/2010/03/29/escape-from-pdf/", "refsource": "MISC", "url": "http://blog.didierstevens.com/2010/03/29/escape-from-pdf/"}, {"name": "TA10-231A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA10-231A.html"}, {"name": "1024159", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1024159"}, {"name": "[dailydave] 20100401 0day, it may not be", "refsource": "MLIST", "url": "http://lists.immunitysec.com/pipermail/dailydave/2010-April/006075.html"}, {"name": "http://blog.didierstevens.com/2010/06/29/quickpost-no-escape-from-pdf/", "refsource": "MISC", "url": "http://blog.didierstevens.com/2010/06/29/quickpost-no-escape-from-pdf/"}, {"name": "oval:org.mitre.oval:def:7466", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7466"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-1240", "datePublished": "2010-04-05T15:15:00", "dateReserved": "2010-04-05T00:00:00", "dateUpdated": "2017-09-18T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:acrobat_reader:9.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "39EDED39-664F-4B68-B422-2CCCA3B83550", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message."}, {"lang": "es", "value": "Reader y Acrobat de Adobe versiones 9.x anteriores a 9.3.3, y versiones 8.x anteriores a 8.2.3, sobre Windows y Mac OS X, no restringen el contenido de un campo de texto en el cuadro de di\u00e1logo de advertencia Iniciar Archivo, lo que facilita a los atacantes remotos enga\u00f1ar a los usuarios para que ejecuten un programa local arbitrario que se especific\u00f3 en un documento PDF, como es demostrado por un campo de texto que afirma que el bot\u00f3n Abrir permitir\u00e1 al usuario leer un mensaje cifrado."}], "id": "CVE-2010-1240", "lastModified": "2017-09-19T01:30:38.207", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-04-05T15:30:01.313", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://blog.didierstevens.com/2010/03/29/escape-from-pdf/"}, {"source": "cve@mitre.org", "url": "http://blog.didierstevens.com/2010/06/29/quickpost-no-escape-from-pdf/"}, {"source": "cve@mitre.org", "url": "http://lists.immunitysec.com/pipermail/dailydave/2010-April/006075.html"}, {"source": "cve@mitre.org", "url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1024159"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-231A.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/1636"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7466"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}