Vulnerability CVE-2010-1240

Vulnerability Name:

CVE-2010-1240 (CCN-57988)

Assigned:

2010-03-29

Published:

2010-03-29

Updated:

2017-09-19

Summary:

Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.7 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.7 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.6 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-264

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: Didier Stevens Blog
Escape From PDF

Source: MISC
Type: Exploit
http://blog.didierstevens.com/2010/03/29/escape-from-pdf/

Source: MISC
Type: UNKNOWN
http://blog.didierstevens.com/2010/06/29/quickpost-no-escape-from-pdf/

Source: MITRE
Type: CNA
CVE-2010-1240

Source: MLIST
Type: UNKNOWN
[dailydave] 20100401 0day, it may not be

Source: CCN
Type: RHSA-2010-0503
Critical: acroread security update

Source: CCN
Type: SA40034
Adobe Reader/Acrobat authplay.dll AVM2 newfunction Handling Vulnerability

Source: CCN
Type: SECTRACK ID: 1024159
Adobe Reader and Acrobat Multiple Flaws Let Remote Users Execute Arbitrary Code

Source: CCN
Type: Adobe Web site
Adobe Reader

Source: CCN
Type: Adobe Product Security Bulletin APSB10-15
Security updates available for Adobe Reader and Acrobat

Source: CONFIRM
Type: UNKNOWN
http://www.adobe.com/support/security/bulletins/apsb10-15.html

Source: CCN
Type: Adobe Product Security Bulletin APSB10-17
Security updates available for Adobe Reader and Acrobat

Source: CCN
Type: OSVDB ID: 63667
Adobe Reader Crafted PDF File Open Launch Sequence Arbitrary Program Execution

Source: SECTRACK
Type: UNKNOWN
1024159

Source: CERT
Type: US Government Resource
TA10-231A

Source: VUPEN
Type: UNKNOWN
ADV-2010-1636

Source: XF
Type: UNKNOWN
reader-launch-file-code-execution(57988)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:7466

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [12-16-2010]

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [12-16-2011]

Source: SUSE
Type: SUSE-SA:2010:029
Acrobat Reader security update

Source: SUSE
Type: SUSE-SA:2010:037
Acrobat Reader 9.3.4 update

Vulnerable Configuration:

Configuration 1:

cpe:/a:adobe:acrobat_reader:9.3.1:*:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:adobe:acrobat:8.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.1:*:*:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.0:*:standard:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.1:*:standard:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.1.1:*:standard:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.1.2:*:standard:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.0:*:professional:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.1.1:*:professional:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.1.2:*:professional:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*

OR cpe:/a:adobe:acrobat:9.0:*:standard:*:*:*:*:*

OR cpe:/a:adobe:reader:8.1.1:*:*:*:*:*:*:*

OR cpe:/a:adobe:acrobat:9.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:reader:9.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:reader:8.1.2:*:*:*:*:*:*:*

OR cpe:/a:adobe:reader:8.1.4:*:*:*:*:*:*:*

OR cpe:/a:adobe:reader:9.1:*:*:*:*:*:*:*

OR cpe:/a:adobe:acrobat:9.1:*:*:*:*:*:*:*

OR cpe:/a:adobe:reader:9.1.1:*:*:*:*:*:*:*

OR cpe:/a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*

OR cpe:/a:adobe:acrobat:9.0.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.1.4:*:standard:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.1.3:*:standard:*:*:*:*:*

OR cpe:/a:adobe:acrobat:9.1:*:standard:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.1.2:security_update:professional:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.1.3:*:professional:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.1.4:*:professional:*:*:*:*:*

OR cpe:/a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*

OR cpe:/a:adobe:reader:9.1.2:*:*:*:*:*:*:*

OR cpe:/a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*

OR cpe:/a:adobe:reader:9.1.3:*:*:*:*:*:*:*

OR cpe:/a:adobe:reader:8.1.6:*:*:*:*:*:*:*

OR cpe:/a:adobe:reader:8.1.7:*:*:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.1.7:*:*:*:*:*:*:*

OR cpe:/a:adobe:acrobat:9.2:*:*:*:*:*:*:*

OR cpe:/a:adobe:reader:9.2:*:*:*:*:*:*:*

OR cpe:/a:adobe:reader:8.1.5:*:*:*:*:*:*:*

OR cpe:/a:adobe:reader:9.3.1:*:*:*:*:*:*:*

OR cpe:/a:adobe:spelling_dictionaries_support_for_adobe_reader:8.0.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.1.5:*:*:*:*:*:*:*

OR cpe:/a:adobe:reader:8.0.0:*:*:*:*:*:*:*

OR cpe:/a:adobe:acrobat:9.3:*:*:*:*:*:*:*

OR cpe:/a:adobe:acrobat:9.3.1:*:*:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.2:*:*:*:*:*:*:*

OR cpe:/a:adobe:acrobat:8.2.1:*:*:*:*:*:*:*

OR cpe:/a:adobe:reader:9.3.2:*:*:*:*:*:*:*

OR cpe:/a:adobe:acrobat:9.3.2:*:*:*:*:*:*:*

OR cpe:/a:adobe:reader:9.3.3:*:*:*:*:*:*:*

OR cpe:/a:adobe:acrobat:9.3.3:*:*:*:*:*:*:*

AND

cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:11.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20101240	V	CVE-2010-1240	2015-11-16
oval:org.mitre.oval:def:22991	P	ELSA-2010:0503: acroread security update (Critical)	2014-05-26
oval:org.mitre.oval:def:22247	P	RHSA-2010:0503: acroread security update (Critical)	2014-02-24
oval:org.mitre.oval:def:7466	V	Adobe Reader 9.3.1 on Windows does not restrict the contents of one text field in the Launch File warning dialog	2013-08-12
oval:com.redhat.rhsa:def:20100503	P	RHSA-2010:0503: acroread security update (Critical)	2010-06-30

BACK