| Vulnerability Name: | CVE-2003-0284 (CCN-12009) | ||||||||
| Assigned: | 2003-04-30 | ||||||||
| Published: | 2003-04-30 | ||||||||
| Updated: | 2008-09-05 | ||||||||
| Summary: | Adobe Acrobat 5 does not properly validate JavaScript in PDF files, which allows remote attackers to write arbitrary files into the Plug-ins folder that spread to other PDF documents, as demonstrated by the W32.Yourde virus. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2003-0284 Source: CCN Type: Adobe Acrobat Web site Adobe Products Source: CCN Type: Adobe Downloads Web site Adobe Acrobat 5.0.5 Security, Accessibility, and Forms patch - English Source: CONFIRM Type: Patch, Vendor Advisory http://www.adobe.com/support/downloads/detail.jsp?ftpID=2121 Source: CCN Type: US-CERT VU#184820 Adobe Acrobat does not adequately validate Acrobat JavaScript Source: CERT-VN Type: Patch, Third Party Advisory, US Government Resource VU#184820 Source: CCN Type: OSVDB ID: 7289 Adobe Acrobat JavaScript PDF Arbitrary File Write Source: CCN Type: BID-7567 Adobe Acrobat JavaScript Parsing Engine Arbitrary Code Execution Vulnerability Source: XF Type: UNKNOWN adobe-javascript-code-execution(12009) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||