VDB

CVE-2009-1598

CVE-2009-1598 PUBLISHED CVSS 9.300000190734863 CRITICAL

Google Chrome executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."

EPSS 0.31% · 54.0th percentile

Risk Scores

CVSS v2.0
9.300000190734863
EPSS Score
0.31%
54.0th percentile

Affected Products

VendorProductVersions
googlechrome
n/an/an/a

Timeline

  • May 11, 2009 CVE Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • May 20, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Sep 3, 2022 EPSS Score
  • Oct 26, 2022 EPSS Score
  • Dec 17, 2022 EPSS Score
  • Feb 8, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 1, 2023 EPSS Score
  • May 24, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›