Input Restriction Flaw in Adobe Reader and Acrobat on Windows and Mac OS X
CVE-2010-1240

Currently unrated

Key Information:

Vendor

Adobe
Status
Acrobat Reader
Vendor
CVE Published:
5 April 2010

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 92%

What is CVE-2010-1240?

Adobe Reader and Acrobat applications prior to specified versions on Windows and Mac OS X contain an input validation flaw within the Launch File warning dialog. This weakness allows attackers to manipulate text fields, misleading users into executing local programs while accessing seemingly benign PDFs. For instance, an attacker can craft a document that misrepresents the functionality of the Open button, claiming it will lead to reading an encrypted message, thereby potentially compromising the user's machine.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Embedded-PDF
Created by Jasmoon99

Embedded-Backdoor-Connection
Created by omarothmann

CVE-2010-1240
Created by 12345qwert123456

References

http://www.vupen.com/english/advisories/2010/1636
vdb-entryx_refsource_VUPEN
http://www.adobe.com/support/security/bulletins/apsb10-15...
x_refsource_CONFIRM
http://blog.didierstevens.com/2010/03/29/escape-from-pdf/
x_refsource_MISC

EPSS Score

92% chance of being exploited in the next 30 days.

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2010-1240 : Input Restriction Flaw in Adobe Reader and Acrobat on Windows and Mac OS X