cbcvebase.
CVE-2010-1240
published 2010-04-05

CVE-2010-1240: Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File…

PriorityP275critical9.3CVSS 2.0
AVNACMAuNCCICAC
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
73.44%
99.4th percentile
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message.

Affected

1 ranges
VendorProductVersion rangeFixed in
adobeacrobat_reader

Detection & IOCsextracted from sources · hover to see the quote

urlhttps://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/11987.zip
  • PDF files using a /Launch /Action to execute an embedded or external executable without exploiting a memory corruption vulnerability — detection should focus on the presence of /Launch actions in PDF structure.
  • Foxit Reader executes the launch action with no warning dialog at all — PDF scanners should flag /Launch actions regardless of the target reader application.
  • Blocking Adobe Reader (AcroRd32.exe) from spawning new child processes is an effective host-based mitigation and detection pivot point for this attack.
  • ·The Metasploit module targets Adobe Reader v8.x and v9.x on Windows XP SP3 English specifically; the attack surface and payload delivery may differ on other OS versions or Reader builds.
  • ·The LAUNCH_MESSAGE option allows the attacker to fully customize the social-engineering text shown in the warning dialog, meaning the specific lure string is attacker-controlled and variable.
  • ·The vulnerability was confirmed tested on Adobe Reader 9.3.1 on Windows XP SP3 and Windows 7; versions 9.3.3+ and 8.2.3+ are patched.

CVSS provenance

nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck9.3CRITICAL
vendor_redhat9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.