{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-03-31T00:00:00", "descriptions": [{"lang": "en", "value": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2010-1636", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1636"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.didierstevens.com/2010/03/29/escape-from-pdf/"}, {"name": "TA10-231A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-231A.html"}, {"name": "1024159", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1024159"}, {"name": "[dailydave] 20100401 0day, it may not be", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.immunitysec.com/pipermail/dailydave/2010-April/006075.html"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.didierstevens.com/2010/06/29/quickpost-no-escape-from-pdf/"}, {"name": "oval:org.mitre.oval:def:7466", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7466"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-1240", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2010-1636", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1636"}, {"name": "http://www.adobe.com/support/security/bulletins/apsb10-15.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html"}, {"name": "http://blog.didierstevens.com/2010/03/29/escape-from-pdf/", "refsource": "MISC", "url": "http://blog.didierstevens.com/2010/03/29/escape-from-pdf/"}, {"name": "TA10-231A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA10-231A.html"}, {"name": "1024159", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1024159"}, {"name": "[dailydave] 20100401 0day, it may not be", "refsource": "MLIST", "url": "http://lists.immunitysec.com/pipermail/dailydave/2010-April/006075.html"}, {"name": "http://blog.didierstevens.com/2010/06/29/quickpost-no-escape-from-pdf/", "refsource": "MISC", "url": "http://blog.didierstevens.com/2010/06/29/quickpost-no-escape-from-pdf/"}, {"name": "oval:org.mitre.oval:def:7466", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7466"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T01:14:06.682Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2010-1636", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/1636"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.didierstevens.com/2010/03/29/escape-from-pdf/"}, {"name": "TA10-231A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-231A.html"}, {"name": "1024159", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1024159"}, {"name": "[dailydave] 20100401 0day, it may not be", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.immunitysec.com/pipermail/dailydave/2010-April/006075.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.didierstevens.com/2010/06/29/quickpost-no-escape-from-pdf/"}, {"name": "oval:org.mitre.oval:def:7466", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7466"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-1240", "datePublished": "2010-04-05T15:15:00", "dateReserved": "2010-04-05T00:00:00", "dateUpdated": "2024-08-07T01:14:06.682Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:acrobat_reader:9.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "39EDED39-664F-4B68-B422-2CCCA3B83550", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message."}, {"lang": "es", "value": "Reader y Acrobat de Adobe versiones 9.x anteriores a 9.3.3, y versiones 8.x anteriores a 8.2.3, sobre Windows y Mac OS X, no restringen el contenido de un campo de texto en el cuadro de di\u00e1logo de advertencia Iniciar Archivo, lo que facilita a los atacantes remotos enga\u00f1ar a los usuarios para que ejecuten un programa local arbitrario que se especific\u00f3 en un documento PDF, como es demostrado por un campo de texto que afirma que el bot\u00f3n Abrir permitir\u00e1 al usuario leer un mensaje cifrado."}], "id": "CVE-2010-1240", "lastModified": "2017-09-19T01:30:38.207", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-04-05T15:30:01.313", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://blog.didierstevens.com/2010/03/29/escape-from-pdf/"}, {"source": "cve@mitre.org", "url": "http://blog.didierstevens.com/2010/06/29/quickpost-no-escape-from-pdf/"}, {"source": "cve@mitre.org", "url": "http://lists.immunitysec.com/pipermail/dailydave/2010-April/006075.html"}, {"source": "cve@mitre.org", "url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1024159"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-231A.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/1636"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7466"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2010:0503", "cpe": "cpe:/a:redhat:rhel_extras:4", "impact": "critical", "package": "acroread-0:9.3.3-2.el4", "product_name": "Extras for RHEL 4", "release_date": "2010-06-30T00:00:00Z"}, {"advisory": "RHSA-2010:0503", "cpe": "cpe:/a:redhat:rhel_extras:5", "impact": "critical", "package": "acroread-0:9.3.3-1.el5", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2010-06-30T00:00:00Z"}], "bugzilla": {"description": "acroread: multiple code execution flaws (APSB10-15)", "id": "609203", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=609203"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message."], "name": "CVE-2010-1240", "public_date": "2010-06-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-1240\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-1240"], "threat_severity": "Critical"}