Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0630

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0630
Last Modified 05 Sep 2008 04:38:57
Published 18 Aug 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0630

Summary

The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via shell metacharacters ("`" or backtick) in the filename of the PDF file that is provided to the uudecode command.

Vulnerable Systems

Application

  • Adobe Acrobat Reader 5.0

  • Adobe Acrobat Reader 5.0.5

  • Adobe Acrobat Reader 5.0.6


References

BID - 10931

XF - acrobat-reader-execute-code(16973)

REDHAT - RHSA-2004:432

CONFIRM - http://www.adobe.com/support/techdocs/322914.html

GENTOO - GLSA-200408-14

IDEFENSE - 20040812 Adobe Acrobat Reader (Unix) Shell Metacharacter Code Execution Vulnerability


Last Updated: 27 May 2016 10:38:41