CVE-2009-0927
Type:
Input Validation
Severity:
High
Publication date:
03/19/2009
Last modified:
11/08/2018
Description
Per vendor advisory in the 'details' section it states:
"The Adobe Reader and Acrobat 9.1 and 7.1.1 updates resolve an input validation issue in a JavaScript method that could potentially lead to remote code execution. This issue has already been resolved in Adobe Reader 8.1.3 and Acrobat 8.1.3. (CVE-2009-0927)"
http://www.adobe.com/support/security/bulletins/apsb09-04.html
Impact
Access Vector: Through network
Access Complexity: Media
Authentication: Not required to exploit
Impact Type: Total commitment on system integrity + Total commitment on system confidentiality + Total commitment on system availability
Vulnerable software and versions
- cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
To consult the complete list of products and versions see this page
References to Advisories, Solutions, and Tools
- SUSE-SA:2009:014 (Source: SUSE)
- SUSE-SR:2009:009 (Source: SUSE)
- 34490 (Source: SECUNIA)
- 34706 (Source: SECUNIA)
- 34790 (Source: SECUNIA)
- GLSA-200904-17 (Source: GENTOO)
- 256788 (Source: SUNALERT)
- http://www.adobe.com/support/security/bulletins/apsb09-04.html (Source: CONFIRM)
- 9579 (Source: EXPLOIT-DB)
- 20090324 ZDI-09-014: Adobe Acrobat getIcon() Stack Overflow Vulnerability (Source: BUGTRAQ)
- 34169 (Source: BID)
- 1021861 (Source: SECTRACK)
- ADV-2009-0770 (Source: VUPEN)
- ADV-2009-1019 (Source: VUPEN)
- http://www.zerodayinitiative.com/advisories/ZDI-09-014 (Source: MISC)
- adobe-unspecified-javascript-code-execution(49312) (Source: XF)