CVE-2003-0284 — Adobe Acrobat vulnerability

2 documents2 sources

Severity

7.5HIGHNVD

EPSS

1.2%

top 20.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Acrobat

Timeline

PublishedJun 16

Latest updateApr 29

Description

Adobe Acrobat 5 does not properly validate JavaScript in PDF files, which allows remote attackers to write arbitrary files into the Plug-ins folder that spread to other PDF documents, as demonstrated by the W32.Yourde virus.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDadobe/acrobat5.0

Patches

Patch: www.adobe.com ↗Patch: www.kb.cert.org ↗Patch: www.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-j956-ppv6-qqfq: Adobe Acrobat 5 does not properly validate JavaScript in PDF files, which allows remote attackers to write arbitrary files into the Plug-ins folder th↗2022-04-29

▶