CVE-2009-1062

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to trigger memory corruption and possibly execute arbitrary code via unknown attack vectors related to JBIG2, a different vulnerability than CVE-2009-0193 and CVE-2009-1061.

References

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html

http://secunia.com/advisories/34392

http://secunia.com/advisories/34490

http://secunia.com/advisories/34706

http://secunia.com/advisories/34790

http://security.gentoo.org/glsa/glsa-200904-17.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1

http://www.adobe.com/support/security/bulletins/apsb09-04.html

http://www.ivizsecurity.com/security-advisory-iviz-sr-09001.html

http://www.redhat.com/support/errata/RHSA-2009-0376.html

http://www.securityfocus.com/bid/34229

http://www.securitytracker.com/id?1021892

http://www.vupen.com/english/advisories/2009/1019

Details

Source: MITRE

Published: 2009-03-25

Updated: 2018-10-30

Type: CWE-20

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:adobe:acrobat:7.0:*:professional:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0:*:standard:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.1:*:professional:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.1:*:standard:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.2:*:professional:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.2:*:standard:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.3:*:professional:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.3:*:standard:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.4:*:professional:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.4:*:standard:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.5:*:professional:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.5:*:standard:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.6:*:professional:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.6:*:standard:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.7:*:professional:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.7:*:standard:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.8:*:professional:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.8:*:standard:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.9:*:professional:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.1:*:professional:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.1:*:standard:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.1.1:*:standard:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.0:*:professional:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.0:*:standard:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1:*:standard:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.1:*:professional:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.1:*:standard:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.2:*:professional:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.2:*:standard:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.2:security_update:professional:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.3:*:professional:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.3:*:standard:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.4:*:professional:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.4:*:standard:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:*:*:professional:*:*:*:*:* versions up to 9.0 (inclusive)

cpe:2.3:a:adobe:acrobat:*:*:standard:*:*:*:*:* versions up to 9.0 (inclusive)

cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:* versions up to 9.0 (inclusive)

cpe:2.3:a:adobe:reader:3.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:reader:4.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:reader:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:reader:4.0.5a:*:*:*:*:*:*:*

cpe:2.3:a:adobe:reader:4.0.5c:*:*:*:*:*:*:*

cpe:2.3:a:adobe:reader:4.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:reader:5.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:reader:5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:reader:5.0.6:*:*:*:*:*:*:*

cpe:2.3:a:adobe:reader:5.0.7:*:*:*:*:*:*:*

cpe:2.3:a:adobe:reader:5.0.9:*:*:*:*:*:*:*

cpe:2.3:a:adobe:reader:5.0.10:*:*:*:*:*:*:*

cpe:2.3:a:adobe:reader:5.0.11:*:*:*:*:*:*:*

cpe:2.3:a:adobe:reader:5.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:reader:6.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:reader:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:reader:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:reader:6.0.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:reader:6.0.4:*:*:*:*:*:*:*

cpe:2.3:a:adobe:reader:6.0.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:reader:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:reader:7.0.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:reader:7.0.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:reader:7.0.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:reader:7.0.7:*:*:*:*:*:*:*

cpe:2.3:a:adobe:reader:7.0.8:*:*:*:*:*:*:*

cpe:2.3:a:adobe:reader:7.0.9:*:*:*:*:*:*:*

cpe:2.3:a:adobe:reader:7.1.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:reader:7.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:reader:8.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:reader:8.1.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:reader:8.1.4:*:*:*:*:*:*:*

Tenable Plugins

View all (11 total)

IDNameProductFamilySeverity
51705SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 6161)NessusSuSE Local Security Checks
critical
51690SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 6121)NessusSuSE Local Security Checks
critical
41365SuSE 11 Security Update : acroread_ja (SAT Patch Number 769)NessusSuSE Local Security Checks
critical
41362SuSE 11 Security Update : Acrobat Reader (SAT Patch Number 690)NessusSuSE Local Security Checks
critical
40803Adobe Acrobat < 9.1 / 8.1.4 / 7.1.1 Multiple VulnerabilitiesNessusWindows
high
40740RHEL 3 / 4 / 5 : acroread (RHSA-2009:0376)NessusRed Hat Local Security Checks
critical
40182openSUSE Security Update : acroread (acroread-689)NessusSuSE Local Security Checks
critical
39906openSUSE Security Update : acroread (acroread-689)NessusSuSE Local Security Checks
critical
36196GLSA-200904-17 : Adobe Reader: User-assisted execution of arbitrary codeNessusGentoo Local Security Checks
critical
36033openSUSE 10 Security Update : acroread (acroread-6120)NessusSuSE Local Security Checks
critical
35821Adobe Reader < 9.1 / 8.1.4 / 7.1.1 Multiple VulnerabilitiesNessusWindows
high