CERTA-2009-ALE-006
Vulnerability from certfr_alerte
Two vulnerabilities in Adobe Reader and Adobe Acrobat allow a remote user to execute arbitrary code.
Description
Two vulnerabilities are present in Adobe Reader and Adobe Acrobat. They relate to certain functions implemented in the JavaScript rendering engine of Adobe Reader and Adobe Acrobat. Both flaws allow a remote malicious user to execute arbitrary code by means of a pointer to a specially crafted PDF file.
Because these vulnerabilities rely solely on JavaScript functions, they do not depend on a particular platform and work on Microsoft Windows, GNU/Linux, UNIX and MacOS X alike.
Code exploiting these vulnerabilities is available on the Internet.
Adobe has published a security advisory stating that a fix will be made available on 12 May 2009. It will cover the Windows, MacOS and Unix operating systems.
Temporary workaround
Pending an appropriate fix, it is recommended to disable JavaScript support in Adobe Reader and Adobe Acrobat by unchecking the Enable Acrobat JavaScript option in Edit -> Preferences -> JavaScript.
Solution
Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Adobe Acrobat et Adobe Reader versions 8.1.4 et ant\u00e9rieures ;",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Acrobat et Adobe Reader versions 7.1.1 et ant\u00e9rieures ;",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Acrobat et Adobe Reader versions 9.1 et ant\u00e9rieures.",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": null,
"closed_at": "2009-05-13",
"content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans Adobe Reader et Adobe Acrobat.\nElles sont relatives \u00e0 certaines fonctions mises en \u0153uvre dans le\ncontexte du moteur de rendu JavaScript de Adobe Reader et Adobe Acrobat.\nCes failles permettent toutes les deux \u00e0 un utilisateur malintentionn\u00e9\ndistant d\u0027ex\u00e9cuter du code arbitraire par le biais d\u0027un pointeur vers un\nfichier PDF construit de fa\u00e7on particuli\u00e8re.\n\nCes vuln\u00e9rabilit\u00e9s s\u0027appuyant uniquement sur des fonctions Javascript,\nelles ne sont donc pas d\u00e9pendantes d\u0027une plateforme particuli\u00e8re et\nfonctionnent \u00e0 la fois sous Microsoft Windows, GNU/Linux, UNIX et MacOS\nX.\n\nDes codes exploitant ces vuln\u00e9rabilit\u00e9s sont disponibles sur l\u0027Internet.\n\nAdobe a publi\u00e9 un avis de s\u00e9curit\u00e9 pr\u00e9cisant qu\u0027un correctif sera mis \u00e0\ndisposition le 12 mai 2009. Il concernera les syst\u00e8mes d\u0027exploitation\nWindows, MacOS et Unix.\n\n## Contournement provisoire\n\nDans l\u0027attente d\u0027un correctif appropri\u00e9, il est recommand\u00e9 de d\u00e9sactiver\nle support du JavaScript dans Adobe Reader et Adobe Acrobat en d\u00e9cochant\nl\u0027option Activer Acrobat Javascript dans Edition -\\\u003e Preferences -\\\u003e\nJavascript ;\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-1492",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1492"
},
{
"name": "CVE-2009-1493",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1493"
}
],
"initial_release_date": "2009-04-28T00:00:00",
"last_revision_date": "2009-05-13T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Adobe du 12 mai 2009 :",
"url": "http://www.adobe.com/support/security/advisories/apsa09-06.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Adobe du 1er mai 2009 :",
"url": "http://www.adobe.com/support/security/advisories/apsa09-02.html"
},
{
"title": "Bloc-notes PSIRT d\u0027Adobe :",
"url": "http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html"
}
],
"reference": "CERTA-2009-ALE-006",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2009-04-28T00:00:00.000000"
},
{
"description": "les vuln\u00e9rabilit\u00e9s touchent \u00e9galement Acrobat et fonctionnent sur toute plateforme, ajout de la r\u00e9f\u00e9rence au bloc-notes d\u0027Adobe.",
"revision_date": "2009-04-29T00:00:00.000000"
},
{
"description": "ajout de la r\u00e9f\u00e9rence au bulletin Adobe APSA09-02 et aux CVE associ\u00e9s.",
"revision_date": "2009-05-07T00:00:00.000000"
},
{
"description": "correctif disponible.",
"revision_date": "2009-05-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Deux vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans Adobe Reader et Adobe Acrobat\npermettent \u00e0 un utilisateur distant d\u0027ex\u00e9cuter du code arbitraire.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Reader et Adobe Acrobat",
"vendor_advisories": []
}
CVE-2009-1493 (GCVE-0-2009-1493)
Vulnerability from cvelistv5
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:13:25.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34740",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34740"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=926953"
},
{
"name": "35734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35734"
},
{
"name": "TA09-133B",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133B.html"
},
{
"name": "8570",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/8570"
},
{
"name": "ADV-2009-1189",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1189"
},
{
"name": "reader-spellcustom-code-execution(50146)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50146"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb09-06.html"
},
{
"name": "SUSE-SR:2009:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt"
},
{
"name": "54129",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54129"
},
{
"name": "GLSA-200907-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200907-06.xml"
},
{
"name": "259028",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1"
},
{
"name": "SUSE-SA:2009:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html"
},
{
"name": "34924",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34924"
},
{
"name": "ADV-2009-1317",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1317"
},
{
"name": "1022139",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022139"
},
{
"name": "35358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35358"
},
{
"name": "35055",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35055"
},
{
"name": "VU#970180",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/970180"
},
{
"name": "35416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35416"
},
{
"name": "RHSA-2009:0478",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0478.html"
},
{
"name": "35096",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35096"
},
{
"name": "35152",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35152"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34740",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34740"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=926953"
},
{
"name": "35734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35734"
},
{
"name": "TA09-133B",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133B.html"
},
{
"name": "8570",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/8570"
},
{
"name": "ADV-2009-1189",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1189"
},
{
"name": "reader-spellcustom-code-execution(50146)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50146"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb09-06.html"
},
{
"name": "SUSE-SR:2009:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt"
},
{
"name": "54129",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54129"
},
{
"name": "GLSA-200907-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200907-06.xml"
},
{
"name": "259028",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1"
},
{
"name": "SUSE-SA:2009:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html"
},
{
"name": "34924",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34924"
},
{
"name": "ADV-2009-1317",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1317"
},
{
"name": "1022139",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022139"
},
{
"name": "35358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35358"
},
{
"name": "35055",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35055"
},
{
"name": "VU#970180",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/970180"
},
{
"name": "35416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35416"
},
{
"name": "RHSA-2009:0478",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0478.html"
},
{
"name": "35096",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35096"
},
{
"name": "35152",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35152"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34740",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34740"
},
{
"name": "http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html",
"refsource": "CONFIRM",
"url": "http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html"
},
{
"name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=926953",
"refsource": "CONFIRM",
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=926953"
},
{
"name": "35734",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35734"
},
{
"name": "TA09-133B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133B.html"
},
{
"name": "8570",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8570"
},
{
"name": "ADV-2009-1189",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1189"
},
{
"name": "reader-spellcustom-code-execution(50146)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50146"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-06.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-06.html"
},
{
"name": "SUSE-SR:2009:011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html",
"refsource": "MISC",
"url": "http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html"
},
{
"name": "http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt",
"refsource": "MISC",
"url": "http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt"
},
{
"name": "54129",
"refsource": "OSVDB",
"url": "http://osvdb.org/54129"
},
{
"name": "GLSA-200907-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200907-06.xml"
},
{
"name": "259028",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1"
},
{
"name": "SUSE-SA:2009:027",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html"
},
{
"name": "34924",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34924"
},
{
"name": "ADV-2009-1317",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1317"
},
{
"name": "1022139",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022139"
},
{
"name": "35358",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35358"
},
{
"name": "35055",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35055"
},
{
"name": "VU#970180",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/970180"
},
{
"name": "35416",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35416"
},
{
"name": "RHSA-2009:0478",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0478.html"
},
{
"name": "35096",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35096"
},
{
"name": "35152",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35152"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1493",
"datePublished": "2009-04-30T20:00:00",
"dateReserved": "2009-04-30T00:00:00",
"dateUpdated": "2024-08-07T05:13:25.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1492 (GCVE-0-2009-1492)
Vulnerability from cvelistv5
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:13:25.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8569",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/8569"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=926953"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html"
},
{
"name": "35734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35734"
},
{
"name": "TA09-133B",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133B.html"
},
{
"name": "ADV-2009-1189",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1189"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb09-06.html"
},
{
"name": "SUSE-SR:2009:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstorm.linuxsecurity.com/0904-exploits/getannots.txt"
},
{
"name": "GLSA-200907-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200907-06.xml"
},
{
"name": "259028",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1"
},
{
"name": "SUSE-SA:2009:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html"
},
{
"name": "34924",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34924"
},
{
"name": "ADV-2009-1317",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1317"
},
{
"name": "1022139",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022139"
},
{
"name": "35358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35358"
},
{
"name": "35055",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35055"
},
{
"name": "VU#970180",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/970180"
},
{
"name": "54130",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54130"
},
{
"name": "35416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35416"
},
{
"name": "RHSA-2009:0478",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0478.html"
},
{
"name": "35096",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35096"
},
{
"name": "35152",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35152"
},
{
"name": "34736",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34736"
},
{
"name": "reader-getannots-code-execution(50145)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50145"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8569",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/8569"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=926953"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html"
},
{
"name": "35734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35734"
},
{
"name": "TA09-133B",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133B.html"
},
{
"name": "ADV-2009-1189",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1189"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb09-06.html"
},
{
"name": "SUSE-SR:2009:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstorm.linuxsecurity.com/0904-exploits/getannots.txt"
},
{
"name": "GLSA-200907-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200907-06.xml"
},
{
"name": "259028",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1"
},
{
"name": "SUSE-SA:2009:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html"
},
{
"name": "34924",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34924"
},
{
"name": "ADV-2009-1317",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1317"
},
{
"name": "1022139",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022139"
},
{
"name": "35358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35358"
},
{
"name": "35055",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35055"
},
{
"name": "VU#970180",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/970180"
},
{
"name": "54130",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54130"
},
{
"name": "35416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35416"
},
{
"name": "RHSA-2009:0478",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0478.html"
},
{
"name": "35096",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35096"
},
{
"name": "35152",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35152"
},
{
"name": "34736",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34736"
},
{
"name": "reader-getannots-code-execution(50145)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50145"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8569",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8569"
},
{
"name": "http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html",
"refsource": "CONFIRM",
"url": "http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html"
},
{
"name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=926953",
"refsource": "CONFIRM",
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=926953"
},
{
"name": "http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html",
"refsource": "MISC",
"url": "http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html"
},
{
"name": "http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html",
"refsource": "CONFIRM",
"url": "http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html"
},
{
"name": "35734",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35734"
},
{
"name": "TA09-133B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133B.html"
},
{
"name": "ADV-2009-1189",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1189"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-06.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-06.html"
},
{
"name": "SUSE-SR:2009:011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "http://packetstorm.linuxsecurity.com/0904-exploits/getannots.txt",
"refsource": "MISC",
"url": "http://packetstorm.linuxsecurity.com/0904-exploits/getannots.txt"
},
{
"name": "GLSA-200907-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200907-06.xml"
},
{
"name": "259028",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1"
},
{
"name": "SUSE-SA:2009:027",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html"
},
{
"name": "34924",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34924"
},
{
"name": "ADV-2009-1317",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1317"
},
{
"name": "1022139",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022139"
},
{
"name": "35358",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35358"
},
{
"name": "35055",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35055"
},
{
"name": "VU#970180",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/970180"
},
{
"name": "54130",
"refsource": "OSVDB",
"url": "http://osvdb.org/54130"
},
{
"name": "35416",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35416"
},
{
"name": "RHSA-2009:0478",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0478.html"
},
{
"name": "35096",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35096"
},
{
"name": "35152",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35152"
},
{
"name": "34736",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34736"
},
{
"name": "reader-getannots-code-execution(50145)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50145"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1492",
"datePublished": "2009-04-30T20:00:00",
"dateReserved": "2009-04-30T00:00:00",
"dateUpdated": "2024-08-07T05:13:25.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.