CVE-2009-2997

HIGH

Description

Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.

References

http://securitytracker.com/id?1023007

http://www.adobe.com/support/security/bulletins/apsb09-15.html

http://www.securityfocus.com/bid/36638

http://www.us-cert.gov/cas/techalerts/TA09-286B.html

http://www.vupen.com/english/advisories/2009/2898

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6481

Details

Source: MITRE

Published: 2009-10-19

Updated: 2018-10-30

Type: CWE-119

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:adobe:acrobat:7.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.4:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.6:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.7:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.8:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.0.9:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.1.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:7.1.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:* versions up to 9.1.3 (inclusive)

Configuration 2

OR

cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.0.9:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.1.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:7.1.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.1.3:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*

cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:* versions up to 9.1.3 (inclusive)

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 51709 | SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 6585) | Nessus | SuSE Local Security Checks | high |
| 51708 | SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 6584) | Nessus | SuSE Local Security Checks | high |
| 51694 | SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 6583) | Nessus | SuSE Local Security Checks | high |
| 51693 | SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 6582) | Nessus | SuSE Local Security Checks | high |
| 42318 | openSUSE 10 Security Update : acroread (acroread-6588) | Nessus | SuSE Local Security Checks | high |
| 42251 | SuSE 11 Security Update : acroread_ja (SAT Patch Number 1424) | Nessus | SuSE Local Security Checks | high |
| 42250 | SuSE 11 Security Update : Acrobat Reader (SAT Patch Number 1425) | Nessus | SuSE Local Security Checks | high |
| 42247 | openSUSE Security Update : acroread (acroread-1426) | Nessus | SuSE Local Security Checks | high |
| 42244 | openSUSE Security Update : acroread (acroread-1426) | Nessus | SuSE Local Security Checks | high |
| 42239 | GLSA-200910-03 : Adobe Reader: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 42134 | RHEL 3 / 4 / 5 : acroread (RHSA-2009:1499) | Nessus | Red Hat Local Security Checks | high |
| 42120 | Adobe Reader < 9.2 / 8.1.7 / 7.1.4 Multiple Vulnerabilities (APSB09-15) | Nessus | Windows | high |
| 42119 | Adobe Acrobat < 9.2 / 8.1.7 / 7.1.4 Multiple Vulnerabilities (APSB09-15) | Nessus | Windows | high |