Exploit for #VU5225 Code execution in Adobe Reader and Adobe Acrobat

Published: 2020-03-18 | Updated: 2021-06-06

Vulnerability identifier: #VU5225

Vulnerability risk: Medium

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Green]

CVE-ID: CVE-2010-1240

CWE-ID: CWE-78

Exploitation vector: Network

Exploits in database: 6

June 6, 2021
- Embedded-PDF (This demonstration video shows how we can control the victim's device by sending the innocent-looking PDF file to the target which actually consists of embedded payload. The exploit was made public as CVE-2010-1240. ) [Github]
March 18, 2020
- Adobe PDF - Escape EXE Social Engineering (No JavaScript)(Metasploit) [Exploit-DB]
- Adobe PDF - Embedded EXE Social Engineering (Metasploit) [Exploit-DB]
- Adobe Reader - Escape From '.PDF' [Exploit-DB]
- Adobe PDF Escape EXE Social Engineering (No JavaScript) [Metasploit]
- Adobe PDF Embedded EXE Social Engineering [Metasploit]

Vulnerable software:
Adobe Reader
Client/Desktop applications / Office applications
Adobe Acrobat
Client/Desktop applications / Office applications

Vendor: Adobe