VYPR
Unrated severityNVD Advisory· Published Oct 19, 2009· Updated Jun 16, 2026

CVE-2009-2993

CVE-2009-2993

Description

The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows remote attackers to create arbitrary files, and possibly execute arbitrary code, via the cPath parameter in a crafted PDF file. NOTE: some of these details are obtained from third party information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

52
  • Adobe Inc./Acrobat51 versions
    cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*+ 50 more
    • cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*range: <=9.1.3
    • cpe:2.3:a:adobe:acrobat:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:7.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:7.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:7.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:7.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:7.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:7.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:7.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:7.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:7.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:7.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:7.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*range: <=9.1.3
    • cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:7.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:7.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:7.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:7.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*
    • (no CPE)range: <7.1.4, <8.1.7, <9.2
  • Range: <7.1.4, <8.1.7, <9.2

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.