1. CVE-Search
  2. CVE-2004-1153
ID CVE-2004-1153
Summary Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an .ETD document containing format string specifiers in (1) title or (2) baseurl fields.
References
Vulnerable Configurations
  • cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2014-10-06T04:04:11.161-04:00
class vulnerability
contributors
  • name Matthew Wojcik
    organization The MITRE Corporation
  • name Jonathan Baker
    organization The MITRE Corporation
  • name Maria Mikhno
    organization ALTX-SOFT
description Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an .ETD document containing format string specifiers in (1) title or (2) baseurl fields.
family windows
id oval:org.mitre.oval:def:2919
status accepted
submitted 2005-04-26T12:00:00.000-04:00
title Adobe Acrobat Reader .ETD Document Code Execution Vulnerability
version 5
refmap via4
confirm http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679
idefense 20041214 Adobe Reader 6.0 .ETD File Format String Vulnerability
xf adobe-acrobat-etd-format-string(18478)
Last major update 11-10-2017 - 01:29
Published 10-01-2005 - 05:00
Last modified 11-10-2017 - 01:29
Back to Top