Vulnerability Details CVE-2004-0630
The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via shell metacharacters ("`" or backtick) in the filename of the PDF file that is provided to the uudecode command.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.195
EPSS Ranking 95.2%
CVSS Severity
CVSS v2 Score 10.0
References
- http://security.gentoo.org/glsa/glsa-200408-14.xml
- http://www.adobe.com/support/techdocs/322914.html
- http://www.idefense.com/application/poi/display?id=124&type=vulnerabilities
- http://www.redhat.com/support/errata/RHSA-2004-432.html
- http://www.securityfocus.com/bid/10931
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16973
- http://security.gentoo.org/glsa/glsa-200408-14.xml
- http://www.adobe.com/support/techdocs/322914.html
- http://www.idefense.com/application/poi/display?id=124&type=vulnerabilities
- http://www.redhat.com/support/errata/RHSA-2004-432.html
- http://www.securityfocus.com/bid/10931
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16973
Products affected by CVE-2004-0630
-
cpe:2.3:a:adobe:acrobat_reader:5.0
-
cpe:2.3:a:adobe:acrobat_reader:5.0.5
-
cpe:2.3:a:adobe:acrobat_reader:5.0.6