| ID |
CVE-2009-1493
|
| Summary |
The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:adobe:reader:8.1.4:*:*:*:*:*:*:*
cpe:2.3:a:adobe:reader:8.1.4:*:*:*:*:*:*:*
-
cpe:2.3:a:adobe:reader:9.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:reader:9.1:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 6.8 (as of 17-05-2024 - 17:21) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-399 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
| redhat
via4
|
| advisories | | | rpms | - acroread-0:8.1.5-1.el4
- acroread-0:8.1.5-1.el5
- acroread-0:8.1.5-2
- acroread-plugin-0:8.1.5-1.el4
- acroread-plugin-0:8.1.5-1.el5
- acroread-plugin-0:8.1.5-2
|
|
| refmap
via4
|
| bid | 34740 | | cert | TA09-133B | | cert-vn | VU#970180 | | confirm | | | exploit-db | 8570 | | gentoo | GLSA-200907-06 | | misc | | | osvdb | 54129 | | sectrack | 1022139 | | secunia | - 34924
- 35055
- 35096
- 35152
- 35358
- 35416
- 35734
| | sunalert | 259028 | | suse | - SUSE-SA:2009:027
- SUSE-SR:2009:011
| | vupen | - ADV-2009-1189
- ADV-2009-1317
| | xf | reader-spellcustom-code-execution(50146) |
|
| saint
via4
|
| bid | 34740 | | description | Adobe Reader Javascript API spell.customDictonaryOpen memory corruption | | id | misc_acroread | | osvdb | 54129 | | title | adobe_reader_customdictionaryopen | | type | client |
|
| Last major update |
17-05-2024 - 17:21 |
| Published |
30-04-2009 - 20:30 |
| Last modified |
17-05-2024 - 17:21 |
