Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-1240 — Adobe Acrobat Reader vulnerability

CWE-26413 documents8 sources

Severity

9.3CRITICALNVD

EPSS

91.4%

top 0.34%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Adobe Acrobat Reader

Timeline

PublishedApr 5

Latest updateMay 2

Description

Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDadobe/acrobat_reader9.3.1

🔴Vulnerability Details

GHSA

GHSA-r9c9-qvgh-48mx: Adobe Reader and Acrobat 9↗2022-05-02

▶

VulnCheck

Adobe Reader and Acrobat Launch File Warning Vulnerability↗2010

▶

💥Exploits & PoCs

Exploit-DB

Adobe PDF - Embedded EXE Social Engineering (Metasploit)↗2010-12-16

▶

Exploit-DB

Adobe PDF - Escape EXE Social Engineering (No JavaScript) (Metasploit)↗2010-12-16

▶

Exploit-DB

Adobe Reader - Escape From '.PDF' Execute Embedded Executable↗2010-03-31

▶

Metasploit

Adobe PDF Embedded EXE Social Engineering↗

▶

Metasploit

Adobe PDF Escape EXE Social Engineering (No JavaScript)↗

▶

📋Vendor Advisories

Red Hat

acroread: multiple code execution flaws (APSB10-15)↗2010-06-29

▶

📄Research Papers

arXiv

Towards Adversarial Malware Detection: Lessons Learned from PDF-based Attacks↗2020-04-14

▶

arXiv

Digital Investigation of PDF Files: Unveiling Traces of Embedded Malware↗2017-07-17

▶

💬Community

Bugzilla

acroread: multiple critical security flaws (APSB10-17)↗2010-08-17

▶

Bugzilla

acroread: multiple code execution flaws (APSB10-15)↗2010-06-29

▶