The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x prior to 7.1.4, 8.x prior to 8.1.7, and 9.x prior to 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows remote malicious users to create arbitrary files, and possibly execute arbitrary code, via the cPath parameter in a crafted PDF file. NOTE: some of these details are obtained from third party information.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
adobe acrobat 7.0.6 |
||
adobe acrobat 7.0.7 |
||
adobe acrobat 8.1.1 |
||
adobe acrobat 8.1.2 |
||
adobe acrobat |
||
adobe acrobat 7.0.2 |
||
adobe acrobat 7.0.3 |
||
adobe acrobat 7.1.0 |
||
adobe acrobat 7.1.1 |
||
adobe acrobat 8.1.6 |
||
adobe acrobat 9.0 |
||
adobe acrobat 7.0.4 |
||
adobe acrobat 7.0.5 |
||
adobe acrobat 7.1.3 |
||
adobe acrobat 8.1 |
||
adobe acrobat 9.1.1 |
||
adobe acrobat 9.1.2 |
||
adobe acrobat 8.0 |
||
adobe acrobat 7.0 |
||
adobe acrobat 7.0.1 |
||
adobe acrobat 7.0.8 |
||
adobe acrobat 7.0.9 |
||
adobe acrobat 8.1.3 |
||
adobe acrobat 8.1.4 |
||
adobe acrobat reader 7.0.6 |
||
adobe acrobat reader 7.0.7 |
||
adobe acrobat reader 8.1 |
||
adobe acrobat reader 7.0.2 |
||
adobe acrobat reader 7.0.4 |
||
adobe acrobat reader 7.0.5 |
||
adobe acrobat reader 7.1.3 |
||
adobe acrobat reader 8.0 |
||
adobe acrobat reader 8.1.6 |
||
adobe acrobat reader 9.0 |
||
adobe acrobat reader 9.1 |
||
adobe acrobat reader 8.1.1 |
||
adobe acrobat reader 9.1.1 |
||
adobe acrobat reader 9.1.2 |
||
adobe acrobat reader 7.0.3 |
||
adobe acrobat reader 7.1.0 |
||
adobe acrobat reader 7.1.1 |
||
adobe acrobat reader 8.1.4 |
||
adobe acrobat reader 8.1.5 |
||
adobe acrobat reader 7.0 |
||
adobe acrobat reader 7.0.1 |
||
adobe acrobat reader 7.0.8 |
||
adobe acrobat reader 7.0.9 |
||
adobe acrobat reader 8.1.2 |
||
adobe acrobat reader 8.1.3 |
||
adobe acrobat reader |
Vulmon