Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2009-AVI-176
Vulnerability from certfr_avis
Deux vulnérabilités présentes dans Adobe Reader et Adobe Acrobat permettent à un utilisateur distant d'exécuter du code arbitraire.
Description
Deux vulnérabilités sont présentes dans Adobe Reader et Adobe Acrobat. Elles sont relatives à certaines fonctions mises en œuvre dans le contexte du moteur de rendu JavaScript de Adobe Reader et Adobe Acrobat. Ces failles permettent toutes les deux à un utilisateur malintentionné distant d'exécuter du code arbitraire par le biais d'un pointeur vers un fichier PDF construit de façon particulière.
Ces vulnérabilités s'appuyant uniquement sur des fonctions Javascript, elles ne sont donc pas dépendantes d'une plateforme particulière et fonctionnent à la fois sous Microsoft Windows, GNU/Linux, UNIX et MacOS X.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Adobe Acrobat et Adobe Reader versions 8.1.4 et ant\u00e9rieures ;",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Acrobat et Adobe Reader versions 7.1.1 et ant\u00e9rieures ;",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Acrobat et Adobe Reader versions 9.1 et ant\u00e9rieures.",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans Adobe Reader et Adobe Acrobat.\nElles sont relatives \u00e0 certaines fonctions mises en \u0153uvre dans le\ncontexte du moteur de rendu JavaScript de Adobe Reader et Adobe Acrobat.\nCes failles permettent toutes les deux \u00e0 un utilisateur malintentionn\u00e9\ndistant d\u0027ex\u00e9cuter du code arbitraire par le biais d\u0027un pointeur vers un\nfichier PDF construit de fa\u00e7on particuli\u00e8re.\n\nCes vuln\u00e9rabilit\u00e9s s\u0027appuyant uniquement sur des fonctions Javascript,\nelles ne sont donc pas d\u00e9pendantes d\u0027une plateforme particuli\u00e8re et\nfonctionnent \u00e0 la fois sous Microsoft Windows, GNU/Linux, UNIX et MacOS\nX.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-1493",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1493"
},
{
"name": "CVE-2009-1492",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1492"
}
],
"initial_release_date": "2009-05-07T00:00:00",
"last_revision_date": "2009-05-13T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Adobe du 1er mai 2009 :",
"url": "http://www.adobe.com/support/security/advisories/apsa09-06.html"
}
],
"reference": "CERTA-2009-AVI-176",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2009-05-07T00:00:00.000000"
},
{
"description": "mise \u00e0 disposition du correctif par l\u0027\u00e9diteur et ajout des r\u00e9f\u00e9rences CVE.",
"revision_date": "2009-05-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Deux vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans Adobe Reader et Adobe Acrobat\npermettent \u00e0 un utilisateur distant d\u0027ex\u00e9cuter du code arbitraire.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Reader et Adobe Acrobat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSA09-06 du 12 mai 2009",
"url": null
}
]
}
CVE-2009-1493 (GCVE-0-2009-1493)
Vulnerability from cvelistv5
Published
2009-04-30 20:00
Modified
2024-08-07 05:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:13:25.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34740",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34740"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=926953"
},
{
"name": "35734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35734"
},
{
"name": "TA09-133B",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133B.html"
},
{
"name": "8570",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/8570"
},
{
"name": "ADV-2009-1189",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1189"
},
{
"name": "reader-spellcustom-code-execution(50146)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50146"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb09-06.html"
},
{
"name": "SUSE-SR:2009:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt"
},
{
"name": "54129",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54129"
},
{
"name": "GLSA-200907-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200907-06.xml"
},
{
"name": "259028",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1"
},
{
"name": "SUSE-SA:2009:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html"
},
{
"name": "34924",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34924"
},
{
"name": "ADV-2009-1317",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1317"
},
{
"name": "1022139",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022139"
},
{
"name": "35358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35358"
},
{
"name": "35055",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35055"
},
{
"name": "VU#970180",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/970180"
},
{
"name": "35416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35416"
},
{
"name": "RHSA-2009:0478",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0478.html"
},
{
"name": "35096",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35096"
},
{
"name": "35152",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35152"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34740",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34740"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=926953"
},
{
"name": "35734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35734"
},
{
"name": "TA09-133B",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133B.html"
},
{
"name": "8570",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/8570"
},
{
"name": "ADV-2009-1189",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1189"
},
{
"name": "reader-spellcustom-code-execution(50146)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50146"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb09-06.html"
},
{
"name": "SUSE-SR:2009:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt"
},
{
"name": "54129",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54129"
},
{
"name": "GLSA-200907-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200907-06.xml"
},
{
"name": "259028",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1"
},
{
"name": "SUSE-SA:2009:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html"
},
{
"name": "34924",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34924"
},
{
"name": "ADV-2009-1317",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1317"
},
{
"name": "1022139",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022139"
},
{
"name": "35358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35358"
},
{
"name": "35055",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35055"
},
{
"name": "VU#970180",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/970180"
},
{
"name": "35416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35416"
},
{
"name": "RHSA-2009:0478",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0478.html"
},
{
"name": "35096",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35096"
},
{
"name": "35152",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35152"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34740",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34740"
},
{
"name": "http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html",
"refsource": "CONFIRM",
"url": "http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html"
},
{
"name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=926953",
"refsource": "CONFIRM",
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=926953"
},
{
"name": "35734",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35734"
},
{
"name": "TA09-133B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133B.html"
},
{
"name": "8570",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8570"
},
{
"name": "ADV-2009-1189",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1189"
},
{
"name": "reader-spellcustom-code-execution(50146)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50146"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-06.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-06.html"
},
{
"name": "SUSE-SR:2009:011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html",
"refsource": "MISC",
"url": "http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html"
},
{
"name": "http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt",
"refsource": "MISC",
"url": "http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt"
},
{
"name": "54129",
"refsource": "OSVDB",
"url": "http://osvdb.org/54129"
},
{
"name": "GLSA-200907-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200907-06.xml"
},
{
"name": "259028",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1"
},
{
"name": "SUSE-SA:2009:027",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html"
},
{
"name": "34924",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34924"
},
{
"name": "ADV-2009-1317",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1317"
},
{
"name": "1022139",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022139"
},
{
"name": "35358",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35358"
},
{
"name": "35055",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35055"
},
{
"name": "VU#970180",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/970180"
},
{
"name": "35416",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35416"
},
{
"name": "RHSA-2009:0478",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0478.html"
},
{
"name": "35096",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35096"
},
{
"name": "35152",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35152"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1493",
"datePublished": "2009-04-30T20:00:00",
"dateReserved": "2009-04-30T00:00:00",
"dateUpdated": "2024-08-07T05:13:25.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1492 (GCVE-0-2009-1492)
Vulnerability from cvelistv5
Published
2009-04-30 20:00
Modified
2024-08-07 05:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:13:25.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8569",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/8569"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=926953"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html"
},
{
"name": "35734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35734"
},
{
"name": "TA09-133B",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133B.html"
},
{
"name": "ADV-2009-1189",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1189"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb09-06.html"
},
{
"name": "SUSE-SR:2009:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstorm.linuxsecurity.com/0904-exploits/getannots.txt"
},
{
"name": "GLSA-200907-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200907-06.xml"
},
{
"name": "259028",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1"
},
{
"name": "SUSE-SA:2009:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html"
},
{
"name": "34924",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34924"
},
{
"name": "ADV-2009-1317",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1317"
},
{
"name": "1022139",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022139"
},
{
"name": "35358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35358"
},
{
"name": "35055",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35055"
},
{
"name": "VU#970180",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/970180"
},
{
"name": "54130",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54130"
},
{
"name": "35416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35416"
},
{
"name": "RHSA-2009:0478",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0478.html"
},
{
"name": "35096",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35096"
},
{
"name": "35152",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35152"
},
{
"name": "34736",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34736"
},
{
"name": "reader-getannots-code-execution(50145)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50145"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8569",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/8569"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=926953"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html"
},
{
"name": "35734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35734"
},
{
"name": "TA09-133B",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133B.html"
},
{
"name": "ADV-2009-1189",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1189"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb09-06.html"
},
{
"name": "SUSE-SR:2009:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstorm.linuxsecurity.com/0904-exploits/getannots.txt"
},
{
"name": "GLSA-200907-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200907-06.xml"
},
{
"name": "259028",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1"
},
{
"name": "SUSE-SA:2009:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html"
},
{
"name": "34924",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34924"
},
{
"name": "ADV-2009-1317",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1317"
},
{
"name": "1022139",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022139"
},
{
"name": "35358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35358"
},
{
"name": "35055",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35055"
},
{
"name": "VU#970180",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/970180"
},
{
"name": "54130",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54130"
},
{
"name": "35416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35416"
},
{
"name": "RHSA-2009:0478",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0478.html"
},
{
"name": "35096",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35096"
},
{
"name": "35152",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35152"
},
{
"name": "34736",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34736"
},
{
"name": "reader-getannots-code-execution(50145)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50145"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8569",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8569"
},
{
"name": "http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html",
"refsource": "CONFIRM",
"url": "http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html"
},
{
"name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=926953",
"refsource": "CONFIRM",
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=926953"
},
{
"name": "http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html",
"refsource": "MISC",
"url": "http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html"
},
{
"name": "http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html",
"refsource": "CONFIRM",
"url": "http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html"
},
{
"name": "35734",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35734"
},
{
"name": "TA09-133B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133B.html"
},
{
"name": "ADV-2009-1189",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1189"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-06.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-06.html"
},
{
"name": "SUSE-SR:2009:011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "http://packetstorm.linuxsecurity.com/0904-exploits/getannots.txt",
"refsource": "MISC",
"url": "http://packetstorm.linuxsecurity.com/0904-exploits/getannots.txt"
},
{
"name": "GLSA-200907-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200907-06.xml"
},
{
"name": "259028",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1"
},
{
"name": "SUSE-SA:2009:027",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html"
},
{
"name": "34924",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34924"
},
{
"name": "ADV-2009-1317",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1317"
},
{
"name": "1022139",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022139"
},
{
"name": "35358",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35358"
},
{
"name": "35055",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35055"
},
{
"name": "VU#970180",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/970180"
},
{
"name": "54130",
"refsource": "OSVDB",
"url": "http://osvdb.org/54130"
},
{
"name": "35416",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35416"
},
{
"name": "RHSA-2009:0478",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0478.html"
},
{
"name": "35096",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35096"
},
{
"name": "35152",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35152"
},
{
"name": "34736",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34736"
},
{
"name": "reader-getannots-code-execution(50145)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50145"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1492",
"datePublished": "2009-04-30T20:00:00",
"dateReserved": "2009-04-30T00:00:00",
"dateUpdated": "2024-08-07T05:13:25.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…