CVE-2009-2993
Description
The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows remote attackers to create arbitrary files, and possibly execute arbitrary code, via the cPath parameter in a crafted PDF file. NOTE: some of these details are obtained from third party information.
Risk Information
Base Score
9.1
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
9.132
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities affected in Acrobat Reader 9.1.3 | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-315465 | Adobe Acrobat Reader MUI DC (Classic Track) update - All languages (15.006.30527) (APSB20-48) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234