Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0434

8 documents8 sources

Severity

7.5HIGH

EPSS

29.9%

top 3.36%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Adobe Acrobat Mandrakesoft Mandrake Linux Mandrakesoft Mandrake Linux Corporate Server +4 more

Timeline

PublishedJul 24

Latest updateApr 29

Description

Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages7 packages

▶NVDadobe/acrobat5.0.6

▶Debianxpdf< 2.02pl1-1+3

▶NVDxpdf/xpdf1.1

▶NVDredhat/linux5 versions+4

▶NVDmandrakesoft/mandrake_linux9.0, 9.1+1

Also affects: Enterprise Linux 2.1

Patches

Patch: www.redhat.com ↗Patch: www.redhat.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-857w-p662-mpmp: Various PDF viewers including (1) Adobe Acrobat 5↗2022-04-29

▶

OSV

CVE-2003-0434: Various PDF viewers including (1) Adobe Acrobat 5↗2003-07-24

▶

CVEList

CVE-2003-0434: Various PDF viewers including (1) Adobe Acrobat 5↗2003-06-18

▶

💥Exploits & PoCs

Exploit-DB

Adobe Acrobat Reader (UNIX) 5.0 6 / Xpdf 0.9x Hyperlinks - Arbitrary Command Execution↗2003-06-13

▶

📋Vendor Advisories

Red Hat

security flaw↗2003-06-13

▶

Debian

CVE-2003-0434: xpdf - Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow rem...↗2003

▶

💬Community

Bugzilla

CVE-2003-0434 security flaw↗2018-08-16

▶