CVE-2009-0928

HIGH

Description

Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat Professional 7.1.0, 8.1.3, 9.0.0, and other versions allows remote attackers to execute arbitrary code via a PDF file containing a JBIG2 stream with a size inconsistency related to an unspecified table.

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=776

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html

http://secunia.com/advisories/34392

http://secunia.com/advisories/34490

http://secunia.com/advisories/34706

http://secunia.com/advisories/34790

http://security.gentoo.org/glsa/glsa-200904-17.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1

http://www.adobe.com/support/security/bulletins/apsb09-04.html

http://www.redhat.com/support/errata/RHSA-2009-0376.html

http://www.securityfocus.com/bid/34229

http://www.securitytracker.com/id?1021892

http://www.vupen.com/english/advisories/2009/1019

Details

Source: MITRE

Published: 2009-03-25

Updated: 2018-10-30

Type: CWE-119

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:adobe:acrobat:3.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:3.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:4.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:4.0.5a:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:4.0.5c:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:5.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:5.0.6:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:5.0.10:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:6.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:6.0.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:6.0.4:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:6.0.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:6.0.6:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.4:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.6:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.7:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.8:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.9:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.1.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.1.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.1.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.1.4:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.7:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.2.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.2.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.2.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.2.4:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:* versions up to 9.0 (inclusive)

Configuration 2

OR

cpe:2.3:a:adobe:acrobat_reader:3.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:3.01:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:3.02:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:4.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:4.0.5a:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:4.0.5c:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:4.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:5.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:5.0.6:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:5.0.7:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:5.0.9:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:5.0.10:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:5.0.11:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:5.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:6.0.4:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:6.0.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:6.0.6:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.9:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.1.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.1.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.1.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.1.4:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.1.7:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.2.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.2.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.2.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.2.4:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:* versions up to 9.0 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 51705 | SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 6161) | Nessus | SuSE Local Security Checks | critical |
| 51690 | SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 6121) | Nessus | SuSE Local Security Checks | critical |
| 41365 | SuSE 11 Security Update : acroread_ja (SAT Patch Number 769) | Nessus | SuSE Local Security Checks | critical |
| 41362 | SuSE 11 Security Update : Acrobat Reader (SAT Patch Number 690) | Nessus | SuSE Local Security Checks | critical |
| 40803 | Adobe Acrobat < 9.1 / 8.1.4 / 7.1.1 Multiple Vulnerabilities | Nessus | Windows | high |
| 40740 | RHEL 3 / 4 / 5 : acroread (RHSA-2009:0376) | Nessus | Red Hat Local Security Checks | critical |
| 40182 | openSUSE Security Update : acroread (acroread-689) | Nessus | SuSE Local Security Checks | critical |
| 39906 | openSUSE Security Update : acroread (acroread-689) | Nessus | SuSE Local Security Checks | critical |
| 36196 | GLSA-200904-17 : Adobe Reader: User-assisted execution of arbitrary code | Nessus | Gentoo Local Security Checks | critical |
| 36033 | openSUSE 10 Security Update : acroread (acroread-6120) | Nessus | SuSE Local Security Checks | critical |
| 35821 | Adobe Reader < 9.1 / 8.1.4 / 7.1.1 Multiple Vulnerabilities | Nessus | Windows | high |