 |
|
|
|
| Vulnerability details : |
| |
 |
|
Adobe Acrobat UUEncode Shell Metacharacter Command Execution |
|
|
Fiche créée le 2004-08-13 15:38:15, dernière mise à jour le 2010-03-12 09:12:56
Acrobat Reader contains a flaw that may allow a malicious user to execute arbitrary commands. The issue is triggered when Acrobat Reader tries to convert uuencoded documents into their original format. When doing so it doesn't check for backtick shell metacharacter in the filename before executing a shell command when opened. By exploiting this flaw attacker could construct a file with a name that would execute arbitrary commands resulting in a loss of integrity.
|
| |
| Adobe Systems Incorporated (UNIX) 5.0 6 Affected | | Adobe Systems Incorporated (UNIX) 5.0 7 Affected | | | Attack Type : Input Manipulation
XSS, SQL injection, file retrieval, directory traversal, overflows, URL encoding. | Découvert le 2004-08-12 15:27:09
| | Disclosure : OSVDB Verified | Confirmé le 2004-08-12 15:27:09
| | Disclosure : Vendor Verified | | | Exploit : Exploit Unknown
Unsure of exploit status. | Exploit découvert le 1970-01-01 07:00:00
| Impact : Loss of Integrity
Assurance that data is unaltered by unauthorized persons.
Examples: XSS, arbitrary command execution, most overflows, most format strings, SQL injection, unauthorized file modification/deletion/creation, remote file inclusion, etc. | | | Location : Remote / Network Access
If network access if required and exploit can be done remotely. | | |
| |
| External refs : |
| OSVDB 8654 | | | | | | | | | | | | | | | | | | | | | | |
| |
| |
| |
| |
|
|
|
|
| Free consultation (search) |
|
|
|
|
|
| |
|
|
|
