Published: 05/04/2010 Updated: 19/09/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 946

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Adobe Reader and Acrobat 9.x prior to 9.3.3, and 8.x prior to 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote malicious users to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message.

Vulnerable Product	Search on Vulmon	Subscribe to Product
adobe acrobat_reader 9.3.1

Title : Escape From PDF Author : Didier Stevens Date : 03/29/2010 Source : blogdidierstevenscom/2010/03/29/escape-from-pdf/ This is a special PDF hack: I managed to make a PoC PDF to execute an embedded executable without exploiting any vulnerability! I use a launch action triggered by the opening of my PoC PDF With Adobe Reader, the us ...

## # $Id: adobe_pdf_embedded_exe_nojsrb 11353 2010-12-16 20:11:01Z egypt $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## # # Modified ...

## # $Id: adobe_pdf_embedded_exerb 11353 2010-12-16 20:11:01Z egypt $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' ...

This demonstration video shows how we can control the victim's device by sending the innocent-looking PDF file to the target which actually consists of embedded payload. The exploit was made public as CVE-2010-1240.

Embedded Backdoor Connection via PDF Files 😈 brought to you by     Introduction This demonstration video shows how we can control the victim's device by sending the innocent-looking PDF file to the target which actually consists of embedded payload The exploit was made public as CVE-2010-1240 As soon as the PDF is opened in Adobe Reader, th

CVE-2010-1240 - Embedding backdoor into a PDF ⚠️ For educational and authorized security research purposes only Description Adobe Reader and Acrobat 9x before 933, and 8x before 823 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an a

This demonstration video shows how we can control the victim's device by sending the innocent-looking PDF file to the target which actually consists of embedded payload. The exploit was made public as CVE-2010-1240.

Embedded Backdoor Connection via PDF Files 😈 brought to you by     Introduction This demonstration video shows how we can control the victim's device by sending the innocent-looking PDF file to the target which actually consists of embedded payload The exploit was made public as CVE-2010-1240 As soon as the PDF is opened in Adobe Reader, th

CWE-264 http://lists.immunitysec.com/pipermail/dailydave/2010-April/006075.html http://blog.didierstevens.com/2010/03/29/escape-from-pdf/http://www.adobe.com/support/security/bulletins/apsb10-15.html http://blog.didierstevens.com/2010/06/29/quickpost-no-escape-from-pdf/http://www.us-cert.gov/cas/techalerts/TA10-231A.html http://www.vupen.com/english/advisories/2010/1636 http://www.securitytracker.com/id?1024159 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7466 https://nvd.nist.gov https://github.com/Jasmoon99/Embedded-PDF https://www.exploit-db.com/exploits/11987/

CVE-2010-1240

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect