ID CVE-2003-0434
Summary Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.
References
Vulnerable Configurations
  • cpe:2.3:a:adobe:acrobat:5.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:xpdf:xpdf:1.1:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
accepted 2007-04-25T19:52:38.816-04:00
class vulnerability
contributors
  • name Jay Beale
    organization Bastille Linux
  • name Thomas R. Jones
    organization Maitreya Security
description Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.
family unix
id oval:org.mitre.oval:def:664
status accepted
submitted 2003-08-29T12:00:00.000-04:00
title Code Execution Vulnerability in XPDF PDF Viewer
version 38
redhat via4
advisories
  • rhsa
    id RHSA-2003:196
  • rhsa
    id RHSA-2003:197
refmap via4
bugtraq 20030709 xpdf vulnerability - CAN-2003-0434
cert-vn VU#200132
fulldisc 20030613 -10Day CERT Advisory on PDF Files
mandrake MDKSA-2003:071
secunia
  • 9037
  • 9038
Last major update 11-10-2017 - 01:29
Published 24-07-2003 - 04:00
Last modified 11-10-2017 - 01:29