CVE-2003-0434

Adobe Acrobat <5.06 & Xpdf 1.01 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0434. PoCs published by Martyn Gilmore.

AI-analyzed exploit summary This exploit leverages a vulnerability in Unix PDF viewers where hyperlinks can execute arbitrary shell commands via 'sh -c'. The LaTeX document demonstrates a malicious hyperlink that executes commands when clicked.

Description

Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Martyn Gilmore · textremotelinux
https://www.exploit-db.com/exploits/22771

This exploit leverages a vulnerability in Unix PDF viewers where hyperlinks can execute arbitrary shell commands via 'sh -c'. The LaTeX document demonstrates a malicious hyperlink that executes commands when clicked.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Multiple Unix PDF viewers (e.g., xpdf)
No auth needed
Prerequisites: User interaction (clicking the hyperlink) · PDF viewer with hyperlink support enabled
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/9038
Vendor Advisory vendor-advisory x_refsource_mandrake
http://www.mandriva.com/security/advisories?name=MDKSA-2003:071
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/200132
Mailing List mailing-list x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005719.html
Patch, Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-196.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/9037
Patch, Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-197.html
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105777963019186&w=2
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A664

Scores

EPSS 0.4094
EPSS Percentile 98.5%

Details

Status published
Products (12)
adobe/acrobat 5.0.6
mandrakesoft/mandrake_linux 9.0
mandrakesoft/mandrake_linux 9.1
mandrakesoft/mandrake_linux_corporate_server 2.1
redhat/enterprise_linux 2.1 (3 CPE variants)
redhat/linux 7.1
redhat/linux 7.2
redhat/linux 7.3
redhat/linux 8.0
redhat/linux 9.0
... and 2 more
Published Jul 24, 2003
Tracked Since Feb 18, 2026