ID CVE-2009-1493
Summary The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument.
References
Vulnerable Configurations
  • cpe:2.3:a:adobe:reader:8.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:reader:8.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:9.1:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:reader:9.1:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux:*:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux:*:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 29-09-2017 - 01:34)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
rhsa
id RHSA-2009:0478
refmap via4
bid 34740
cert TA09-133B
cert-vn VU#970180
confirm
exploit-db 8570
gentoo GLSA-200907-06
misc
osvdb 54129
sectrack 1022139
secunia
  • 34924
  • 35055
  • 35096
  • 35152
  • 35358
  • 35416
  • 35734
sunalert 259028
suse
  • SUSE-SA:2009:027
  • SUSE-SR:2009:011
vupen
  • ADV-2009-1189
  • ADV-2009-1317
xf reader-spellcustom-code-execution(50146)
saint via4
bid 34740
description Adobe Reader Javascript API spell.customDictonaryOpen memory corruption
id misc_acroread
osvdb 54129
title adobe_reader_customdictionaryopen
type client
Last major update 29-09-2017 - 01:34
Published 30-04-2009 - 20:30
Back to Top