CVE-2004-0630

The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via shell metacharacters ("`" or backtick) in the filename of the PDF file that is provided to the uudecode command.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/10931	Patch Vendor Advisory
http://security.gentoo.org/glsa/glsa-200408-14.xml	Vendor Advisory
http://www.adobe.com/support/techdocs/322914.html
http://www.redhat.com/support/errata/RHSA-2004-432.html
http://www.idefense.com/application/poi/display?id=124&type=vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/16973

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:adobe:acrobat_reader:5.0:::::::*
	cpe:2.3:a:adobe:acrobat_reader:5.0.5:::::::*
	cpe:2.3:a:adobe:acrobat_reader:5.0.6:::::::*

Information

Published : 2004-08-17 21:00

Updated : 2017-07-10 18:30

NVD link : CVE-2004-0630

Mitre link : CVE-2004-0630

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

adobe

acrobat_reader

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/10931", "name": "10931", "tags": ["Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://security.gentoo.org/glsa/glsa-200408-14.xml", "name": "GLSA-200408-14", "tags": ["Vendor Advisory"], "refsource": "GENTOO"}, {"url": "http://www.adobe.com/support/techdocs/322914.html", "name": "http://www.adobe.com/support/techdocs/322914.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.redhat.com/support/errata/RHSA-2004-432.html", "name": "RHSA-2004:432", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.idefense.com/application/poi/display?id=124&type=vulnerabilities", "name": "20040812 Adobe Acrobat Reader (Unix) Shell Metacharacter Code Execution Vulnerability", "tags": [], "refsource": "IDEFENSE"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16973", "name": "acrobat-reader-execute-code(16973)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via shell metacharacters (\"`\" or backtick) in the filename of the PDF file that is provided to the uudecode command."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-0630", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2004-08-18T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:30Z"}