Oval Definition:	oval:org.mitre.oval:def:5822
Revision Date: 2013-08-12 Version: 17 Title: Adobe Reader and Acrobat cause Multiple Vulnerabilities Description: The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows remote attackers to create arbitrary files, and possibly execute arbitrary code, via the cPath parameter in a crafted PDF file. NOTE: some of these details are obtained from third party information. Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2009-2993 Platform(s): Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Product(s): Adobe Acrobat Adobe Reader Definition Synopsis Adobe Reader 7 Adobe Reader 7 Series is installed AND Adobe Reader 7, the sub-version is vulnerable Adobe Reader is less than 7.1.4 OR Adobe Reader library is less than 7.1.4.2009100300 OR Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than 8.1.7 OR Adobe Reader library is less than 8.1.7.59 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than 9.2.0 OR Adobe Reader library is less than 9.1.0.2009022700 OR Adobe Acrobat 7 Adobe Acrobat 7 Series is installed AND Adobe Acrobat 7, the sub-version is vulnerable Adobe Acrobat is less than 7.1.4 OR Adobe Acrobat library is less than 7.1.4.2009100300 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 8.1.7 OR Adobe Acrobat library is less than 8.1.7.59 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 9.2.0 OR Adobe Acrobat library is less than 9.1.0.2009022700
BACK