Skip to main content
Security Informatics

Table 3 List of the most exploited vulnerabilities in our dataset

From: Keeping pace with the creation of new malicious PDF files using an active-learning based detection framework

The CVE

Description

Percentage

CVE-2007-3845a

The version of some PDF readers was found to allow remote attackers to execute arbitrary commands via certain vectors associated with launching malicious code based on the file extension at the end of the URI

49

CVE-2008-2551b

The DownloaderActiveX Control in Icona SpA C6 Messenger allows remote attackers to force the download and execution of arbitrary files via a URL in the prop download url parameter with the propPost download action parameter set to “run”

4

CVE-2009-0927c

Stack-based buffer overflow in some adobe reader versions allows remote attackers to execute malicious code via a crafted argument to the ‘getIcon’ method of a ‘Collab’ object. This executed code can exfiltrate sensitive data to a remote server where it can download and execute dangerous payload to the host

5

CVE-2010-0188d

Unspecified vulnerability in adobe reader and acrobat allows attackers to cause a denial of service (application crash) or possibly execute malicious code via unknown vectors

6

CVE-2013-0640e

Adobe reader and acrobat versions allow remote attackers to execute malicious code or cause a denial of service (memory corruption)

32

  1. a http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3845
  2. b http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2551
  3. c http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0927
  4. d https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0188
  5. e https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0640
Back to article page