ID CVE-2011-0588
Summary Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0562 and CVE-2011-0570. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'
References
Vulnerable Configurations
  • cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:8.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:8.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:8.2:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:8.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:8.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:8.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:8.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:8.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:8.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:8.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:9.2:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:9.3:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:9.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:9.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:9.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:9.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:9.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:9.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:9.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:9.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:9.4:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:9.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:9.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:10.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat_reader:10.0:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:8.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat:8.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:8.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat:8.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:8.2:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat:8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:8.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:8.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat:8.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:8.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat:8.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:8.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat:8.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:9.2:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:9.3:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat:9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:9.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat:9.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:9.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat:9.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:9.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat:9.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:9.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat:9.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:9.4:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat:9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:9.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat:9.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:10.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:acrobat:10.0:*:*:*:*:*:*:*
CVSS
Base: 6.9 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-06-10T04:00:11.425-04:00
class vulnerability
contributors
  • name SecPod Team
    organization SecPod Technologies
  • name Sergey Artykhov
    organization ALTX-SOFT
  • name Sergey Artykhov
    organization ALTX-SOFT
  • name Sergey Artykhov
    organization ALTX-SOFT
  • name Shane Shaffer
    organization G2, Inc.
  • name Sergey Artykhov
    organization ALTX-SOFT
definition_extensions
  • comment Adobe Acrobat 10.x is installed
    oval oval:org.mitre.oval:def:11989
  • comment Adobe Reader 10.x is installed
    oval oval:org.mitre.oval:def:12283
  • comment Adobe Acrobat 9 Series is installed
    oval oval:org.mitre.oval:def:6013
  • comment Adobe Reader 9 Series is installed
    oval oval:org.mitre.oval:def:6523
  • comment Adobe Reader 8 Series is installed
    oval oval:org.mitre.oval:def:6390
  • comment Adobe Acrobat 8 Series is installed
    oval oval:org.mitre.oval:def:6452
description Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0562 and CVE-2011-0570.
family windows
id oval:org.mitre.oval:def:12378
status accepted
submitted 2011-03-28T16:14:59
title Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6
version 14
refmap via4
bid 46254
confirm http://www.adobe.com/support/security/bulletins/apsb11-03.html
sectrack 1025033
vupen ADV-2011-0337
xf adobe-reader-dll-code-exec(65293)
Last major update 30-10-2018 - 16:25
Published 10-02-2011 - 18:00
Back to Top