Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2009-0927 (GCVE-0-2009-0927)
Vulnerability from cvelistv5 – Published: 2009-03-19 10:00 – Updated: 2025-10-22 00:05
VLAI
EPSS
CISA KEV
Summary
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.
Severity
8.8 (High)
CWE
- n/a
Assigner
References
16 references
Date Public
2009-03-18 00:00
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 6faec9a4-f17a-47ea-9b67-c4681cc12f0e
Exploited: Yes
Timestamps
First Seen: 2022-03-25
Asserted: 2022-03-25
Scope
Notes: KEV entry: Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability | Affected: Adobe / Reader and Acrobat | Description: Stack-based buffer overflow in Adobe Reader and Adobe Acrobat allows remote attackers to execute arbitrary code. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2009-0927
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Cwes | CWE-20 |
|---|---|
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | Reader and Acrobat |
| Due Date | 2022-04-15 |
| Date Added | 2022-03-25 |
| Vendorproject | Adobe |
| Vulnerabilityname | Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability |
| Knownransomwarecampaignuse | Unknown |
References
Created: 2026-02-02 12:28 UTC
| Updated: 2026-02-06 07:17 UTC
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:16.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-014"
},
{
"name": "9579",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9579"
},
{
"name": "34169",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34169"
},
{
"name": "34790",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34790"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
},
{
"name": "1021861",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021861"
},
{
"name": "ADV-2009-0770",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0770"
},
{
"name": "34490",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34490"
},
{
"name": "SUSE-SA:2009:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html"
},
{
"name": "20090324 ZDI-09-014: Adobe Acrobat getIcon() Stack Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502116/100/0/threaded"
},
{
"name": "34706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34706"
},
{
"name": "256788",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1"
},
{
"name": "GLSA-200904-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200904-17.xml"
},
{
"name": "SUSE-SR:2009:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
},
{
"name": "ADV-2009-1019",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1019"
},
{
"name": "adobe-unspecified-javascript-code-execution(49312)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49312"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2009-0927",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T19:59:29.770887Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-03-25",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0927"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T00:05:55.318Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0927"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-03-25T00:00:00.000Z",
"value": "CVE-2009-0927 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-014"
},
{
"name": "9579",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9579"
},
{
"name": "34169",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34169"
},
{
"name": "34790",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34790"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
},
{
"name": "1021861",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021861"
},
{
"name": "ADV-2009-0770",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0770"
},
{
"name": "34490",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34490"
},
{
"name": "SUSE-SA:2009:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html"
},
{
"name": "20090324 ZDI-09-014: Adobe Acrobat getIcon() Stack Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502116/100/0/threaded"
},
{
"name": "34706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34706"
},
{
"name": "256788",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1"
},
{
"name": "GLSA-200904-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200904-17.xml"
},
{
"name": "SUSE-SR:2009:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
},
{
"name": "ADV-2009-1019",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1019"
},
{
"name": "adobe-unspecified-javascript-code-execution(49312)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49312"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-09-014",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-014"
},
{
"name": "9579",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9579"
},
{
"name": "34169",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34169"
},
{
"name": "34790",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34790"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-04.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
},
{
"name": "1021861",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021861"
},
{
"name": "ADV-2009-0770",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0770"
},
{
"name": "34490",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34490"
},
{
"name": "SUSE-SA:2009:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html"
},
{
"name": "20090324 ZDI-09-014: Adobe Acrobat getIcon() Stack Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502116/100/0/threaded"
},
{
"name": "34706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34706"
},
{
"name": "256788",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1"
},
{
"name": "GLSA-200904-17",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200904-17.xml"
},
{
"name": "SUSE-SR:2009:009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
},
{
"name": "ADV-2009-1019",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1019"
},
{
"name": "adobe-unspecified-javascript-code-execution(49312)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49312"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0927",
"datePublished": "2009-03-19T10:00:00.000Z",
"dateReserved": "2009-03-17T00:00:00.000Z",
"dateUpdated": "2025-10-22T00:05:55.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2009-0927",
"cwes": "[\"CWE-20\"]",
"dateAdded": "2022-03-25",
"dueDate": "2022-04-15",
"knownRansomwareCampaignUse": "Unknown",
"notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-0927",
"product": "Reader and Acrobat",
"requiredAction": "Apply updates per vendor instructions.",
"shortDescription": "Stack-based buffer overflow in Adobe Reader and Adobe Acrobat allows remote attackers to execute arbitrary code.",
"vendorProject": "Adobe",
"vulnerabilityName": "Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability"
},
"epss": {
"cve": "CVE-2009-0927",
"date": "2026-05-27",
"epss": "0.93794",
"percentile": "0.99865"
},
"fkie_nvd": {
"cisaActionDue": "2022-04-15",
"cisaExploitAdd": "2022-03-25",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability",
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0\", \"versionEndExcluding\": \"7.1.1\", \"matchCriteriaId\": \"FE671D4C-9BAC-4E77-A983-12F6BFD70562\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0\", \"versionEndExcluding\": \"8.1.3\", \"matchCriteriaId\": \"B03B6302-5781-4010-AD6A-7D18973D70C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.0\", \"versionEndExcluding\": \"9.1\", \"matchCriteriaId\": \"BDBEDB79-859B-4EC6-8AFB-81FC20EB52B1\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad no especificada en Adobe Reader y Adobe Acrobat v9.1 y v7.1.1 permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n mediante vectores desconocidos, en relaci\\u00f3n con un m\\u00e9todo JavaScript y validaci\\u00f3n de entrada, una vulnerabilidad diferente a CVE-2009-0658.\"}]",
"evaluatorSolution": "Per vendor advisory in the \u0027details\u0027 section it states:\n\n\"The Adobe Reader and Acrobat 9.1 and 7.1.1 updates resolve an input validation issue in a JavaScript method that could potentially lead to remote code execution. This issue has already been resolved in Adobe Reader 8.1.3 and Acrobat 8.1.3. (CVE-2009-0927)\"\n\nhttp://www.adobe.com/support/security/bulletins/apsb09-04.html",
"id": "CVE-2009-0927",
"lastModified": "2024-12-19T17:39:50.787",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2009-03-19T10:30:00.420",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/34490\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/34706\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/34790\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200904-17.xml\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb09-04.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.exploit-db.com/exploits/9579\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/502116/100/0/threaded\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/34169\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id?1021861\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/0770\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1019\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-09-014\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/49312\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/34490\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/34706\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/34790\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200904-17.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb09-04.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.exploit-db.com/exploits/9579\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/502116/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/34169\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id?1021861\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/0770\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1019\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-09-014\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/49312\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2009-0927\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-03-19T10:30:00.420\",\"lastModified\":\"2026-04-22T14:12:44.147\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en Adobe Reader y Adobe Acrobat v9.1 y v7.1.1 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores desconocidos, en relaci\u00f3n con un m\u00e9todo JavaScript y validaci\u00f3n de entrada, una vulnerabilidad diferente a CVE-2009-0658.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"cisaExploitAdd\":\"2022-03-25\",\"cisaActionDue\":\"2022-04-15\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0\",\"versionEndExcluding\":\"7.1.1\",\"matchCriteriaId\":\"FE671D4C-9BAC-4E77-A983-12F6BFD70562\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndExcluding\":\"8.1.3\",\"matchCriteriaId\":\"B03B6302-5781-4010-AD6A-7D18973D70C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0\",\"versionEndExcluding\":\"9.1\",\"matchCriteriaId\":\"BDBEDB79-859B-4EC6-8AFB-81FC20EB52B1\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/34490\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/34706\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/34790\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200904-17.xml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb09-04.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.exploit-db.com/exploits/9579\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/502116/100/0/threaded\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/34169\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1021861\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/0770\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1019\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-09-014\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/49312\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/34490\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/34706\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/34790\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200904-17.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb09-04.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.exploit-db.com/exploits/9579\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/502116/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/34169\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1021861\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/0770\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1019\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-09-014\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/49312\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0927\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}],\"evaluatorSolution\":\"Per vendor advisory in the \u0027details\u0027 section it states:\\n\\n\\\"The Adobe Reader and Acrobat 9.1 and 7.1.1 updates resolve an input validation issue in a JavaScript method that could potentially lead to remote code execution. This issue has already been resolved in Adobe Reader 8.1.3 and Acrobat 8.1.3. (CVE-2009-0927)\\\"\\n\\nhttp://www.adobe.com/support/security/bulletins/apsb09-04.html\"}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-09-014\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://www.exploit-db.com/exploits/9579\", \"name\": \"9579\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/34169\", \"name\": \"34169\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"http://secunia.com/advisories/34790\", \"name\": \"34790\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"]}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb09-04.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id?1021861\", \"name\": \"1021861\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/0770\", \"name\": \"ADV-2009-0770\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\", \"x_transferred\"]}, {\"url\": \"http://secunia.com/advisories/34490\", \"name\": \"34490\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html\", \"name\": \"SUSE-SA:2009:014\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/502116/100/0/threaded\", \"name\": \"20090324 ZDI-09-014: Adobe Acrobat getIcon() Stack Overflow Vulnerability\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\", \"x_transferred\"]}, {\"url\": \"http://secunia.com/advisories/34706\", \"name\": \"34706\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"]}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1\", \"name\": \"256788\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUNALERT\", \"x_transferred\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200904-17.xml\", \"name\": \"GLSA-200904-17\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html\", \"name\": \"SUSE-SR:2009:009\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1019\", \"name\": \"ADV-2009-1019\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\", \"x_transferred\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/49312\", \"name\": \"adobe-unspecified-javascript-code-execution(49312)\", \"tags\": [\"vdb-entry\", \"x_refsource_XF\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-07T04:57:16.395Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2009-0927\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-10T19:59:29.770887Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-03-25\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0927\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2022-03-25T00:00:00.000Z\", \"value\": \"CVE-2009-0927 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0927\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-121\", \"description\": \"CWE-121 Stack-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-10T19:58:51.936Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2009-03-18T00:00:00.000Z\", \"references\": [{\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-09-014\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://www.exploit-db.com/exploits/9579\", \"name\": \"9579\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\"]}, {\"url\": \"http://www.securityfocus.com/bid/34169\", \"name\": \"34169\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"http://secunia.com/advisories/34790\", \"name\": \"34790\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"]}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb09-04.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.securitytracker.com/id?1021861\", \"name\": \"1021861\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/0770\", \"name\": \"ADV-2009-0770\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\"]}, {\"url\": \"http://secunia.com/advisories/34490\", \"name\": \"34490\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html\", \"name\": \"SUSE-SA:2009:014\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/502116/100/0/threaded\", \"name\": \"20090324 ZDI-09-014: Adobe Acrobat getIcon() Stack Overflow Vulnerability\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\"]}, {\"url\": \"http://secunia.com/advisories/34706\", \"name\": \"34706\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"]}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1\", \"name\": \"256788\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUNALERT\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200904-17.xml\", \"name\": \"GLSA-200904-17\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html\", \"name\": \"SUSE-SR:2009:009\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1019\", \"name\": \"ADV-2009-1019\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/49312\", \"name\": \"adobe-unspecified-javascript-code-execution(49312)\", \"tags\": [\"vdb-entry\", \"x_refsource_XF\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2018-10-10T18:57:01.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-09-014\", \"name\": \"http://www.zerodayinitiative.com/advisories/ZDI-09-014\", \"refsource\": \"MISC\"}, {\"url\": \"http://www.exploit-db.com/exploits/9579\", \"name\": \"9579\", \"refsource\": \"EXPLOIT-DB\"}, {\"url\": \"http://www.securityfocus.com/bid/34169\", \"name\": \"34169\", \"refsource\": \"BID\"}, {\"url\": \"http://secunia.com/advisories/34790\", \"name\": \"34790\", \"refsource\": \"SECUNIA\"}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb09-04.html\", \"name\": \"http://www.adobe.com/support/security/bulletins/apsb09-04.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.securitytracker.com/id?1021861\", \"name\": \"1021861\", \"refsource\": \"SECTRACK\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/0770\", \"name\": \"ADV-2009-0770\", \"refsource\": \"VUPEN\"}, {\"url\": \"http://secunia.com/advisories/34490\", \"name\": \"34490\", \"refsource\": \"SECUNIA\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html\", \"name\": \"SUSE-SA:2009:014\", \"refsource\": \"SUSE\"}, {\"url\": \"http://www.securityfocus.com/archive/1/502116/100/0/threaded\", \"name\": \"20090324 ZDI-09-014: Adobe Acrobat getIcon() Stack Overflow Vulnerability\", \"refsource\": \"BUGTRAQ\"}, {\"url\": \"http://secunia.com/advisories/34706\", \"name\": \"34706\", \"refsource\": \"SECUNIA\"}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1\", \"name\": \"256788\", \"refsource\": \"SUNALERT\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200904-17.xml\", \"name\": \"GLSA-200904-17\", \"refsource\": \"GENTOO\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html\", \"name\": \"SUSE-SR:2009:009\", \"refsource\": \"SUSE\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1019\", \"name\": \"ADV-2009-1019\", \"refsource\": \"VUPEN\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/49312\", \"name\": \"adobe-unspecified-javascript-code-execution(49312)\", \"refsource\": \"XF\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2009-0927\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2009-0927\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-22T00:05:55.318Z\", \"dateReserved\": \"2009-03-17T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2009-03-19T10:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTA-2009-AVI-094
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité dans l'interprétation des documents PDF par différents lecteurs permet à un utilisateur malveillant d'exécuter du code arbitraire à distance.
Description
Une erreur dans différents produits relative à l'interprétation des objets encodés au format JBIG2 dans des fichiers PDF permet à un utilisateur de provoquer l'arrêt du logiciel (crash).
Elle permet également l'exécution de code arbitraire sur le système vulnérable avec les droits de l'utilisateur.
L'exploitation de la vulnérabilité ne nécessite pas nécessairement :
- l'intervention de l'utilisateur ;
- l'activation ou la désactivation du support du langage JavaScript.
Certains codes d'exploitation circulant actuellement sur l'Internet sont reconnus par des antivirus sous divers noms : Trojan.Pidief.E, Bloodhound.PDF-6 (Symantec), Exploit-PDF.i (NAI, Mac Afee)...
Certains lecteurs PDF installent une extension permettant à l'explorateur de fichiers de Microsoft Windows de réaliser un aperçu des fichiers au format PDF. De ce fait, la vulnérabilité peut également être exploitée par les méthodes suivantes :
- lors de la sélection d'un fichier PDF exploitant cette vulnérabilité ;
- lors de l'exploration d'un répertoire avec un affichage en mode miniature des icônes.
De plus, il semblerait que cette vulnérabilité puisse être exploitée lors de l'affichage de l'infobulle lié à un fichier PDF malveillant dont les méta-données ont été spécialement construites.
Enfin, l'utilisation de services d'indexation automatique (comme WIS, Windows Indexing Services) pourrait déclencher l'exploitation de la vulnérabilité sur un fichier présent sur l'espace de stockage sans intervention particulière de l'utilisateur.
Solution
Se référer à la documentation des éditeurs afin d'obtenir les correctifs (cf. Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Adobe Reader versions 9.x, 8.x et 7.x ;",
"product": {
"name": "PDF Reader",
"vendor": {
"name": "Foxit",
"scada": false
}
}
},
{
"description": "Xpdf versions ant\u00e9rieures \u00e0 la mise \u00e0 jour 3.02pl3.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Adobe Acrobat Standard, Pro et Pro Extended, versions 9.x, 8.x et 7.x.",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "KDE versions ant\u00e9rieures \u00e0 la version 3.4.5-12 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Foxit",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne erreur dans diff\u00e9rents produits relative \u00e0 l\u0027interpr\u00e9tation des\nobjets encod\u00e9s au format JBIG2 dans des fichiers PDF permet \u00e0 un\nutilisateur de provoquer l\u0027arr\u00eat du logiciel (crash).\n\nElle permet \u00e9galement l\u0027ex\u00e9cution de code arbitraire sur le syst\u00e8me\nvuln\u00e9rable avec les droits de l\u0027utilisateur.\n\nL\u0027exploitation de la vuln\u00e9rabilit\u00e9 ne n\u00e9cessite pas n\u00e9cessairement :\n\n- l\u0027intervention de l\u0027utilisateur ;\n- l\u0027activation ou la d\u00e9sactivation du support du langage JavaScript.\n\n \n \n\nCertains codes d\u0027exploitation circulant actuellement sur l\u0027Internet sont\nreconnus par des antivirus sous divers noms\u00a0: Trojan.Pidief.E,\nBloodhound.PDF-6 (Symantec), Exploit-PDF.i (NAI, Mac Afee)...\n\n \n \n\nCertains lecteurs PDF installent une extension permettant \u00e0\nl\u0027explorateur de fichiers de Microsoft Windows de r\u00e9aliser un aper\u00e7u des\nfichiers au format PDF. De ce fait, la vuln\u00e9rabilit\u00e9 peut \u00e9galement \u00eatre\nexploit\u00e9e par les m\u00e9thodes suivantes :\n\n- lors de la s\u00e9lection d\u0027un fichier PDF exploitant cette vuln\u00e9rabilit\u00e9\n ;\n- lors de l\u0027exploration d\u0027un r\u00e9pertoire avec un affichage en mode\n miniature des ic\u00f4nes.\n\nDe plus, il semblerait que cette vuln\u00e9rabilit\u00e9 puisse \u00eatre exploit\u00e9e\nlors de l\u0027affichage de l\u0027infobulle li\u00e9 \u00e0 un fichier PDF malveillant dont\nles m\u00e9ta-donn\u00e9es ont \u00e9t\u00e9 sp\u00e9cialement construites.\n\nEnfin, l\u0027utilisation de services d\u0027indexation automatique (comme WIS,\nWindows Indexing Services) pourrait d\u00e9clencher l\u0027exploitation de la\nvuln\u00e9rabilit\u00e9 sur un fichier pr\u00e9sent sur l\u0027espace de stockage sans\nintervention particuli\u00e8re de l\u0027utilisateur.\n\n## Solution\n\nSe r\u00e9f\u00e9rer \u00e0 la documentation des \u00e9diteurs afin d\u0027obtenir les correctifs\n(cf. Documentation).\n",
"cves": [
{
"name": "CVE-2009-0658",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0658"
},
{
"name": "CVE-2009-0927",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0927"
}
],
"links": [
{
"title": "Mise \u00e0 jour Xpdf du 30 mars 2009 :",
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl3.patch"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RSHA-2009-0431 et RSHA-2009-430 du 16 avril 2009 :",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0430.html"
},
{
"title": "Alerte CERTA-2009-ALE-001 du 20 f\u00e9vrier 2009:",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-ALE-001/"
},
{
"title": "Avis de s\u00e9curit\u00e9 Adobe apsa09-01 du 19 f\u00e9vrier 2009 :",
"url": "http://www.adobe.com/support/security/advisories/apsa09-01.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RSHA-2009-0431 et RSHA-2009-430 du 16 avril 2009 :",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0431.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb09-03 du 10 mars 2009 :",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-03.html"
},
{
"title": "Document du CERTA CERTA-2009-ALE-001 du 20 f\u00e9vrier 2009 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-ALE-001/index.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb09-04 du 18 mars 2009\u00a0:",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
}
],
"reference": "CERTA-2009-AVI-094",
"revisions": [
{
"description": "version initiale ;",
"revision_date": "2009-03-11T00:00:00.000000"
},
{
"description": "ajout des r\u00e9f\u00e9rences au bulletin de s\u00e9curit\u00e9 APSB09-04 concernant les versions 7.x et 8.x ;",
"revision_date": "2009-03-20T00:00:00.000000"
},
{
"description": "ajout des r\u00e9f\u00e9rences aux bulletins Red Hat et Xpdf.",
"revision_date": "2009-04-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans l\u0027interpr\u00e9tation des documents PDF par diff\u00e9rents\nlecteurs permet \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans l\u0027interpr\u00e9tation JBIG2 dans le format PDF",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB09-03 du 10 mars 2009",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB09-04 du 18 mars 2009",
"url": null
}
]
}
CERTA-2009-AVI-094
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité dans l'interprétation des documents PDF par différents lecteurs permet à un utilisateur malveillant d'exécuter du code arbitraire à distance.
Description
Une erreur dans différents produits relative à l'interprétation des objets encodés au format JBIG2 dans des fichiers PDF permet à un utilisateur de provoquer l'arrêt du logiciel (crash).
Elle permet également l'exécution de code arbitraire sur le système vulnérable avec les droits de l'utilisateur.
L'exploitation de la vulnérabilité ne nécessite pas nécessairement :
- l'intervention de l'utilisateur ;
- l'activation ou la désactivation du support du langage JavaScript.
Certains codes d'exploitation circulant actuellement sur l'Internet sont reconnus par des antivirus sous divers noms : Trojan.Pidief.E, Bloodhound.PDF-6 (Symantec), Exploit-PDF.i (NAI, Mac Afee)...
Certains lecteurs PDF installent une extension permettant à l'explorateur de fichiers de Microsoft Windows de réaliser un aperçu des fichiers au format PDF. De ce fait, la vulnérabilité peut également être exploitée par les méthodes suivantes :
- lors de la sélection d'un fichier PDF exploitant cette vulnérabilité ;
- lors de l'exploration d'un répertoire avec un affichage en mode miniature des icônes.
De plus, il semblerait que cette vulnérabilité puisse être exploitée lors de l'affichage de l'infobulle lié à un fichier PDF malveillant dont les méta-données ont été spécialement construites.
Enfin, l'utilisation de services d'indexation automatique (comme WIS, Windows Indexing Services) pourrait déclencher l'exploitation de la vulnérabilité sur un fichier présent sur l'espace de stockage sans intervention particulière de l'utilisateur.
Solution
Se référer à la documentation des éditeurs afin d'obtenir les correctifs (cf. Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Adobe Reader versions 9.x, 8.x et 7.x ;",
"product": {
"name": "PDF Reader",
"vendor": {
"name": "Foxit",
"scada": false
}
}
},
{
"description": "Xpdf versions ant\u00e9rieures \u00e0 la mise \u00e0 jour 3.02pl3.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Adobe Acrobat Standard, Pro et Pro Extended, versions 9.x, 8.x et 7.x.",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "KDE versions ant\u00e9rieures \u00e0 la version 3.4.5-12 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Foxit",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne erreur dans diff\u00e9rents produits relative \u00e0 l\u0027interpr\u00e9tation des\nobjets encod\u00e9s au format JBIG2 dans des fichiers PDF permet \u00e0 un\nutilisateur de provoquer l\u0027arr\u00eat du logiciel (crash).\n\nElle permet \u00e9galement l\u0027ex\u00e9cution de code arbitraire sur le syst\u00e8me\nvuln\u00e9rable avec les droits de l\u0027utilisateur.\n\nL\u0027exploitation de la vuln\u00e9rabilit\u00e9 ne n\u00e9cessite pas n\u00e9cessairement :\n\n- l\u0027intervention de l\u0027utilisateur ;\n- l\u0027activation ou la d\u00e9sactivation du support du langage JavaScript.\n\n \n \n\nCertains codes d\u0027exploitation circulant actuellement sur l\u0027Internet sont\nreconnus par des antivirus sous divers noms\u00a0: Trojan.Pidief.E,\nBloodhound.PDF-6 (Symantec), Exploit-PDF.i (NAI, Mac Afee)...\n\n \n \n\nCertains lecteurs PDF installent une extension permettant \u00e0\nl\u0027explorateur de fichiers de Microsoft Windows de r\u00e9aliser un aper\u00e7u des\nfichiers au format PDF. De ce fait, la vuln\u00e9rabilit\u00e9 peut \u00e9galement \u00eatre\nexploit\u00e9e par les m\u00e9thodes suivantes :\n\n- lors de la s\u00e9lection d\u0027un fichier PDF exploitant cette vuln\u00e9rabilit\u00e9\n ;\n- lors de l\u0027exploration d\u0027un r\u00e9pertoire avec un affichage en mode\n miniature des ic\u00f4nes.\n\nDe plus, il semblerait que cette vuln\u00e9rabilit\u00e9 puisse \u00eatre exploit\u00e9e\nlors de l\u0027affichage de l\u0027infobulle li\u00e9 \u00e0 un fichier PDF malveillant dont\nles m\u00e9ta-donn\u00e9es ont \u00e9t\u00e9 sp\u00e9cialement construites.\n\nEnfin, l\u0027utilisation de services d\u0027indexation automatique (comme WIS,\nWindows Indexing Services) pourrait d\u00e9clencher l\u0027exploitation de la\nvuln\u00e9rabilit\u00e9 sur un fichier pr\u00e9sent sur l\u0027espace de stockage sans\nintervention particuli\u00e8re de l\u0027utilisateur.\n\n## Solution\n\nSe r\u00e9f\u00e9rer \u00e0 la documentation des \u00e9diteurs afin d\u0027obtenir les correctifs\n(cf. Documentation).\n",
"cves": [
{
"name": "CVE-2009-0658",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0658"
},
{
"name": "CVE-2009-0927",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0927"
}
],
"links": [
{
"title": "Mise \u00e0 jour Xpdf du 30 mars 2009 :",
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl3.patch"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RSHA-2009-0431 et RSHA-2009-430 du 16 avril 2009 :",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0430.html"
},
{
"title": "Alerte CERTA-2009-ALE-001 du 20 f\u00e9vrier 2009:",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-ALE-001/"
},
{
"title": "Avis de s\u00e9curit\u00e9 Adobe apsa09-01 du 19 f\u00e9vrier 2009 :",
"url": "http://www.adobe.com/support/security/advisories/apsa09-01.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RSHA-2009-0431 et RSHA-2009-430 du 16 avril 2009 :",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0431.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb09-03 du 10 mars 2009 :",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-03.html"
},
{
"title": "Document du CERTA CERTA-2009-ALE-001 du 20 f\u00e9vrier 2009 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-ALE-001/index.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb09-04 du 18 mars 2009\u00a0:",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
}
],
"reference": "CERTA-2009-AVI-094",
"revisions": [
{
"description": "version initiale ;",
"revision_date": "2009-03-11T00:00:00.000000"
},
{
"description": "ajout des r\u00e9f\u00e9rences au bulletin de s\u00e9curit\u00e9 APSB09-04 concernant les versions 7.x et 8.x ;",
"revision_date": "2009-03-20T00:00:00.000000"
},
{
"description": "ajout des r\u00e9f\u00e9rences aux bulletins Red Hat et Xpdf.",
"revision_date": "2009-04-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans l\u0027interpr\u00e9tation des documents PDF par diff\u00e9rents\nlecteurs permet \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans l\u0027interpr\u00e9tation JBIG2 dans le format PDF",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB09-03 du 10 mars 2009",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB09-04 du 18 mars 2009",
"url": null
}
]
}
BDU:2021-04404
Vulnerability from fstec - Published: 19.03.2009
VLAI
Title
Уязвимость программы редактирования PDF-файлов Adobe Acrobat, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость программы редактирования PDF-файлов Adobe Acrobat существует из-за недостаточной проверки входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код
Severity
Vendor
Adobe Systems Inc.
Software Name
Acrobat Reader
Software Version
от 7.0 до 7.1.1 (Acrobat Reader), от 8.0 до 8.1.3 (Acrobat Reader), от 9.0 до 9.1 (Acrobat Reader)
Possible Mitigations
Обновление программного средства до актуальной версии
Reference
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
http://security.gentoo.org/glsa/glsa-200904-17.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1
http://www.adobe.com/support/security/bulletins/apsb09-04.html
http://www.exploit-db.com/exploits/9579
http://www.securityfocus.com/archive/1/502116/100/0/threaded
http://www.securityfocus.com/bid/34169
http://www.securitytracker.com/id?1021861
http://www.vupen.com/english/advisories/2009/0770
http://www.vupen.com/english/advisories/2009/1019
http://www.zerodayinitiative.com/advisories/ZDI-09-014
https://exchange.xforce.ibmcloud.com/vulnerabilities/49312
CWE
CWE-20
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS 3.0": null,
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Adobe Systems Inc.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 7.0 \u0434\u043e 7.1.1 (Acrobat Reader), \u043e\u0442 8.0 \u0434\u043e 8.1.3 (Acrobat Reader), \u043e\u0442 9.0 \u0434\u043e 9.1 (Acrobat Reader)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0434\u043e \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "19.03.2009",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "29.11.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "07.09.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-04404",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2009-0927",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Acrobat Reader",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b \u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f PDF-\u0444\u0430\u0439\u043b\u043e\u0432 Adobe Acrobat, \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0430\u044f \u0438\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b \u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f PDF-\u0444\u0430\u0439\u043b\u043e\u0432 Adobe Acrobat \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html\nhttp://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html\nhttp://security.gentoo.org/glsa/glsa-200904-17.xml\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1\nhttp://www.adobe.com/support/security/bulletins/apsb09-04.html\nhttp://www.exploit-db.com/exploits/9579\nhttp://www.securityfocus.com/archive/1/502116/100/0/threaded\nhttp://www.securityfocus.com/bid/34169\nhttp://www.securitytracker.com/id?1021861\nhttp://www.vupen.com/english/advisories/2009/0770\nhttp://www.vupen.com/english/advisories/2009/1019\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-014\nhttps://exchange.xforce.ibmcloud.com/vulnerabilities/49312",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,3)"
}
FKIE_CVE-2009-0927
Vulnerability from fkie_nvd - Published: 2009-03-19 10:30 - Updated: 2026-04-22 14:12
Severity
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| adobe | acrobat_reader | * | |
| adobe | acrobat_reader | * | |
| adobe | acrobat_reader | * |
{
"cisaActionDue": "2022-04-15",
"cisaExploitAdd": "2022-03-25",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE671D4C-9BAC-4E77-A983-12F6BFD70562",
"versionEndExcluding": "7.1.1",
"versionStartIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B03B6302-5781-4010-AD6A-7D18973D70C1",
"versionEndExcluding": "8.1.3",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDBEDB79-859B-4EC6-8AFB-81FC20EB52B1",
"versionEndExcluding": "9.1",
"versionStartIncluding": "9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Adobe Reader y Adobe Acrobat v9.1 y v7.1.1 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores desconocidos, en relaci\u00f3n con un m\u00e9todo JavaScript y validaci\u00f3n de entrada, una vulnerabilidad diferente a CVE-2009-0658."
}
],
"evaluatorSolution": "Per vendor advisory in the \u0027details\u0027 section it states:\n\n\"The Adobe Reader and Acrobat 9.1 and 7.1.1 updates resolve an input validation issue in a JavaScript method that could potentially lead to remote code execution. This issue has already been resolved in Adobe Reader 8.1.3 and Acrobat 8.1.3. (CVE-2009-0927)\"\n\nhttp://www.adobe.com/support/security/bulletins/apsb09-04.html",
"id": "CVE-2009-0927",
"lastModified": "2026-04-22T14:12:44.147",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2009-03-19T10:30:00.420",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/34490"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/34706"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/34790"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200904-17.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.exploit-db.com/exploits/9579"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/502116/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/34169"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1021861"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0770"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1019"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-014"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49312"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/34490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/34706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/34790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200904-17.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.exploit-db.com/exploits/9579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/502116/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/34169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1021861"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49312"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0927"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-WR9V-3QGM-Q33G
Vulnerability from github – Published: 2022-05-02 03:19 – Updated: 2025-10-22 03:30
VLAI
Details
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.
Severity
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2009-0927"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-03-19T10:30:00Z",
"severity": "HIGH"
},
"details": "Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.",
"id": "GHSA-wr9v-3qgm-q33g",
"modified": "2025-10-22T03:30:26Z",
"published": "2022-05-02T03:19:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0927"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49312"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0927"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/34490"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/34706"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/34790"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-200904-17.xml"
},
{
"type": "WEB",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1"
},
{
"type": "WEB",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
},
{
"type": "WEB",
"url": "http://www.exploit-db.com/exploits/9579"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/502116/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/34169"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1021861"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2009/0770"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2009/1019"
},
{
"type": "WEB",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-014"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2009-0927
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2009-0927",
"description": "Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.",
"id": "GSD-2009-0927",
"references": [
"https://www.suse.com/security/cve/CVE-2009-0927.html",
"https://access.redhat.com/errata/RHSA-2008:0974",
"https://packetstormsecurity.com/files/cve/CVE-2009-0927"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2009-0927"
],
"details": "Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.",
"id": "GSD-2009-0927",
"modified": "2023-12-13T01:19:44.055384Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cisa.gov": {
"cveID": "CVE-2009-0927",
"dateAdded": "2022-03-25",
"dueDate": "2022-04-15",
"product": "Reader and Acrobat",
"requiredAction": "Apply updates per vendor instructions.",
"shortDescription": "Stack-based buffer overflow in Adobe Reader and Adobe Acrobat allows remote attackers to execute arbitrary code.",
"vendorProject": "Adobe",
"vulnerabilityName": "Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability"
},
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-09-014",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-014"
},
{
"name": "9579",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9579"
},
{
"name": "34169",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34169"
},
{
"name": "34790",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34790"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-04.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
},
{
"name": "1021861",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021861"
},
{
"name": "ADV-2009-0770",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0770"
},
{
"name": "34490",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34490"
},
{
"name": "SUSE-SA:2009:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html"
},
{
"name": "20090324 ZDI-09-014: Adobe Acrobat getIcon() Stack Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502116/100/0/threaded"
},
{
"name": "34706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34706"
},
{
"name": "256788",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1"
},
{
"name": "GLSA-200904-17",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200904-17.xml"
},
{
"name": "SUSE-SR:2009:009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
},
{
"name": "ADV-2009-1019",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1019"
},
{
"name": "adobe-unspecified-javascript-code-execution(49312)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49312"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.1.3",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.1",
"versionStartIncluding": "9.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.1.1",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0927"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34169",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/34169"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-04.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
},
{
"name": "1021861",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1021861"
},
{
"name": "ADV-2009-0770",
"refsource": "VUPEN",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0770"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-09-014",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-014"
},
{
"name": "34490",
"refsource": "SECUNIA",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/34490"
},
{
"name": "SUSE-SA:2009:014",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html"
},
{
"name": "34706",
"refsource": "SECUNIA",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/34706"
},
{
"name": "256788",
"refsource": "SUNALERT",
"tags": [
"Broken Link"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1"
},
{
"name": "ADV-2009-1019",
"refsource": "VUPEN",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1019"
},
{
"name": "GLSA-200904-17",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200904-17.xml"
},
{
"name": "SUSE-SR:2009:009",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
},
{
"name": "34790",
"refsource": "SECUNIA",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/34790"
},
{
"name": "9579",
"refsource": "EXPLOIT-DB",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.exploit-db.com/exploits/9579"
},
{
"name": "adobe-unspecified-javascript-code-execution(49312)",
"refsource": "XF",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49312"
},
{
"name": "20090324 ZDI-09-014: Adobe Acrobat getIcon() Stack Overflow Vulnerability",
"refsource": "BUGTRAQ",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/502116/100/0/threaded"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2018-11-08T20:25Z",
"publishedDate": "2009-03-19T10:30Z"
}
}
}
RHSA-2008:0974
Vulnerability from csaf_redhat - Published: 2008-11-12 17:26 - Updated: 2025-11-21 17:33Summary
Red Hat Security Advisory: acroread security update
Severity
Critical
Notes
Topic: Updated acroread packages that fix various security issues are now
available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4
Extras, and Red Hat Enterprise Linux 5 Supplementary.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details: Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).
Several input validation flaws were discovered in Adobe Reader. A malicious
PDF file could cause Adobe Reader to crash or, potentially, execute
arbitrary code as the user running Adobe Reader. (CVE-2008-2549,
CVE-2008-2992, CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4817)
The Adobe Reader binary had an insecure relative RPATH (runtime library
search path) set in the ELF (Executable and Linking Format) header. A local
attacker able to convince another user to run Adobe Reader in an
attacker-controlled directory could run arbitrary code with the privileges
of the victim. (CVE-2008-4815)
All acroread users are advised to upgrade to these updated packages, that
contain Adobe Reader version 8.1.3, and are not vulnerable to these issues.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf.
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Critical
Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts.
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow remote attackers to execute arbitrary code via a crafted PDF document that (1) performs unspecified actions on a Collab object that trigger memory corruption, related to a GetCosObj method; or (2) contains a malformed PDF object that triggers memory corruption during parsing.
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an "input validation issue."
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH.
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption.
CWE-20 - Improper Input ValidationAffected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.
6.8 ()
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Critical
References
43 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated acroread packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4\nExtras, and Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nSeveral input validation flaws were discovered in Adobe Reader. A malicious\nPDF file could cause Adobe Reader to crash or, potentially, execute\narbitrary code as the user running Adobe Reader. (CVE-2008-2549,\nCVE-2008-2992, CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4817)\n\nThe Adobe Reader binary had an insecure relative RPATH (runtime library\nsearch path) set in the ELF (Executable and Linking Format) header. A local\nattacker able to convince another user to run Adobe Reader in an\nattacker-controlled directory could run arbitrary code with the privileges\nof the victim. (CVE-2008-4815)\n\nAll acroread users are advised to upgrade to these updated packages, that\ncontain Adobe Reader version 8.1.3, and are not vulnerable to these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:0974",
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
},
{
"category": "external",
"summary": "http://www.redhat.com/security/updates/classification/#critical",
"url": "http://www.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "450078",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=450078"
},
{
"category": "external",
"summary": "469875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469875"
},
{
"category": "external",
"summary": "469876",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469876"
},
{
"category": "external",
"summary": "469877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469877"
},
{
"category": "external",
"summary": "469880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469880"
},
{
"category": "external",
"summary": "469882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469882"
},
{
"category": "external",
"summary": "469923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469923"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0974.json"
}
],
"title": "Red Hat Security Advisory: acroread security update",
"tracking": {
"current_release_date": "2025-11-21T17:33:57+00:00",
"generator": {
"date": "2025-11-21T17:33:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2008:0974",
"initial_release_date": "2008-11-12T17:26:00+00:00",
"revision_history": [
{
"date": "2008-11-12T17:26:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-11-12T12:26:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:33:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 4 Extras",
"product": {
"name": "Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 3 Extras",
"product_id": "3AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 3 Extras",
"product": {
"name": "Red Hat Desktop version 3 Extras",
"product_id": "3Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 3 Extras",
"product_id": "3ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 3 Extras",
"product_id": "3WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "acroread-0:8.1.3-1.el5.i386",
"product": {
"name": "acroread-0:8.1.3-1.el5.i386",
"product_id": "acroread-0:8.1.3-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@8.1.3-1.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:8.1.3-1.el5.i386",
"product": {
"name": "acroread-plugin-0:8.1.3-1.el5.i386",
"product_id": "acroread-plugin-0:8.1.3-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@8.1.3-1.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:8.1.3-1.el4.i386",
"product": {
"name": "acroread-0:8.1.3-1.el4.i386",
"product_id": "acroread-0:8.1.3-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@8.1.3-1.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:8.1.3-1.el4.i386",
"product": {
"name": "acroread-plugin-0:8.1.3-1.el4.i386",
"product_id": "acroread-plugin-0:8.1.3-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@8.1.3-1.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:8.1.3-1.i386",
"product": {
"name": "acroread-plugin-0:8.1.3-1.i386",
"product_id": "acroread-plugin-0:8.1.3-1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@8.1.3-1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:8.1.3-1.i386",
"product": {
"name": "acroread-0:8.1.3-1.i386",
"product_id": "acroread-0:8.1.3-1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@8.1.3-1?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
"product_id": "3AS-LACD:acroread-0:8.1.3-1.i386"
},
"product_reference": "acroread-0:8.1.3-1.i386",
"relates_to_product_reference": "3AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
"product_id": "3AS-LACD:acroread-plugin-0:8.1.3-1.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.i386",
"relates_to_product_reference": "3AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Desktop version 3 Extras",
"product_id": "3Desktop-LACD:acroread-0:8.1.3-1.i386"
},
"product_reference": "acroread-0:8.1.3-1.i386",
"relates_to_product_reference": "3Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Desktop version 3 Extras",
"product_id": "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.i386",
"relates_to_product_reference": "3Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
"product_id": "3ES-LACD:acroread-0:8.1.3-1.i386"
},
"product_reference": "acroread-0:8.1.3-1.i386",
"relates_to_product_reference": "3ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
"product_id": "3ES-LACD:acroread-plugin-0:8.1.3-1.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.i386",
"relates_to_product_reference": "3ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
"product_id": "3WS-LACD:acroread-0:8.1.3-1.i386"
},
"product_reference": "acroread-0:8.1.3-1.i386",
"relates_to_product_reference": "3WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
"product_id": "3WS-LACD:acroread-plugin-0:8.1.3-1.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.i386",
"relates_to_product_reference": "3WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386"
},
"product_reference": "acroread-0:8.1.3-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386"
},
"product_reference": "acroread-0:8.1.3-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-2549",
"discovery_date": "2008-06-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "450078"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: crash and possible code execution",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2549"
},
{
"category": "external",
"summary": "RHBZ#450078",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=450078"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2549",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2549"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2549",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2549"
}
],
"release_date": "2008-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: crash and possible code execution"
},
{
"cve": "CVE-2008-2992",
"discovery_date": "2008-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "469877"
}
],
"notes": [
{
"category": "description",
"text": "Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Reader: JavaScript util.printf() function buffer overflow",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2992"
},
{
"category": "external",
"summary": "RHBZ#469877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469877"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2992",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2992"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2992",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2992"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2008-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-03T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "Reader: JavaScript util.printf() function buffer overflow"
},
{
"cve": "CVE-2008-4812",
"discovery_date": "2008-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "469875"
}
],
"notes": [
{
"category": "description",
"text": "Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Reader: embedded font handling out-of-bounds array indexing",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4812"
},
{
"category": "external",
"summary": "RHBZ#469875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469875"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4812",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4812"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4812",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4812"
}
],
"release_date": "2008-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Reader: embedded font handling out-of-bounds array indexing"
},
{
"cve": "CVE-2008-4813",
"discovery_date": "2008-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "469876"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow remote attackers to execute arbitrary code via a crafted PDF document that (1) performs unspecified actions on a Collab object that trigger memory corruption, related to a GetCosObj method; or (2) contains a malformed PDF object that triggers memory corruption during parsing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Reader: PDF objects parsing and JavaScript getCosObj handling memory corruption flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4813"
},
{
"category": "external",
"summary": "RHBZ#469876",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469876"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4813",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4813"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4813"
}
],
"release_date": "2008-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Reader: PDF objects parsing and JavaScript getCosObj handling memory corruption flaw"
},
{
"cve": "CVE-2008-4814",
"discovery_date": "2008-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "469880"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an \"input validation issue.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Reader: arbitrary code execution via unspecified JavaScript method",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4814"
},
{
"category": "external",
"summary": "RHBZ#469880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469880"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4814",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4814"
}
],
"release_date": "2008-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Reader: arbitrary code execution via unspecified JavaScript method"
},
{
"cve": "CVE-2008-4815",
"discovery_date": "2008-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "469882"
}
],
"notes": [
{
"category": "description",
"text": "Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Reader: insecure RPATH flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4815"
},
{
"category": "external",
"summary": "RHBZ#469882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469882"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4815",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4815"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4815",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4815"
}
],
"release_date": "2008-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Reader: insecure RPATH flaw"
},
{
"cve": "CVE-2008-4817",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2008-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "469923"
}
],
"notes": [
{
"category": "description",
"text": "The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Reader: Download Manager input validation flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4817"
},
{
"category": "external",
"summary": "RHBZ#469923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469923"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4817",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4817"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4817",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4817"
}
],
"release_date": "2008-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Reader: Download Manager input validation flaw"
},
{
"cve": "CVE-2009-0927",
"discovery_date": "2009-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618340"
}
],
"notes": [
{
"category": "description",
"text": "Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0927"
},
{
"category": "external",
"summary": "RHBZ#1618340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0927",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0927"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0927",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0927"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2009-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "security flaw"
}
]
}
RHSA-2008_0974
Vulnerability from csaf_redhat - Published: 2008-11-12 17:26 - Updated: 2024-11-14 10:06Summary
Red Hat Security Advisory: acroread security update
Severity
Critical
Notes
Topic: Updated acroread packages that fix various security issues are now
available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4
Extras, and Red Hat Enterprise Linux 5 Supplementary.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details: Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).
Several input validation flaws were discovered in Adobe Reader. A malicious
PDF file could cause Adobe Reader to crash or, potentially, execute
arbitrary code as the user running Adobe Reader. (CVE-2008-2549,
CVE-2008-2992, CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4817)
The Adobe Reader binary had an insecure relative RPATH (runtime library
search path) set in the ELF (Executable and Linking Format) header. A local
attacker able to convince another user to run Adobe Reader in an
attacker-controlled directory could run arbitrary code with the privileges
of the victim. (CVE-2008-4815)
All acroread users are advised to upgrade to these updated packages, that
contain Adobe Reader version 8.1.3, and are not vulnerable to these issues.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf.
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Critical
Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts.
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow remote attackers to execute arbitrary code via a crafted PDF document that (1) performs unspecified actions on a Collab object that trigger memory corruption, related to a GetCosObj method; or (2) contains a malformed PDF object that triggers memory corruption during parsing.
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an "input validation issue."
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH.
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption.
CWE-20 - Improper Input ValidationAffected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.
6.8 ()
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-plugin-0:8.1.3-1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386 | — |
Vendor Fix
fix
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Critical
References
43 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated acroread packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4\nExtras, and Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nSeveral input validation flaws were discovered in Adobe Reader. A malicious\nPDF file could cause Adobe Reader to crash or, potentially, execute\narbitrary code as the user running Adobe Reader. (CVE-2008-2549,\nCVE-2008-2992, CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4817)\n\nThe Adobe Reader binary had an insecure relative RPATH (runtime library\nsearch path) set in the ELF (Executable and Linking Format) header. A local\nattacker able to convince another user to run Adobe Reader in an\nattacker-controlled directory could run arbitrary code with the privileges\nof the victim. (CVE-2008-4815)\n\nAll acroread users are advised to upgrade to these updated packages, that\ncontain Adobe Reader version 8.1.3, and are not vulnerable to these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:0974",
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
},
{
"category": "external",
"summary": "http://www.redhat.com/security/updates/classification/#critical",
"url": "http://www.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "450078",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=450078"
},
{
"category": "external",
"summary": "469875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469875"
},
{
"category": "external",
"summary": "469876",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469876"
},
{
"category": "external",
"summary": "469877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469877"
},
{
"category": "external",
"summary": "469880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469880"
},
{
"category": "external",
"summary": "469882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469882"
},
{
"category": "external",
"summary": "469923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469923"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0974.json"
}
],
"title": "Red Hat Security Advisory: acroread security update",
"tracking": {
"current_release_date": "2024-11-14T10:06:43+00:00",
"generator": {
"date": "2024-11-14T10:06:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.0"
}
},
"id": "RHSA-2008:0974",
"initial_release_date": "2008-11-12T17:26:00+00:00",
"revision_history": [
{
"date": "2008-11-12T17:26:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-11-12T12:26:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T10:06:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 4 Extras",
"product": {
"name": "Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 3 Extras",
"product_id": "3AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 3 Extras",
"product": {
"name": "Red Hat Desktop version 3 Extras",
"product_id": "3Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 3 Extras",
"product_id": "3ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 3 Extras",
"product_id": "3WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "acroread-0:8.1.3-1.el5.i386",
"product": {
"name": "acroread-0:8.1.3-1.el5.i386",
"product_id": "acroread-0:8.1.3-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@8.1.3-1.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:8.1.3-1.el5.i386",
"product": {
"name": "acroread-plugin-0:8.1.3-1.el5.i386",
"product_id": "acroread-plugin-0:8.1.3-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@8.1.3-1.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:8.1.3-1.el4.i386",
"product": {
"name": "acroread-0:8.1.3-1.el4.i386",
"product_id": "acroread-0:8.1.3-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@8.1.3-1.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:8.1.3-1.el4.i386",
"product": {
"name": "acroread-plugin-0:8.1.3-1.el4.i386",
"product_id": "acroread-plugin-0:8.1.3-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@8.1.3-1.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:8.1.3-1.i386",
"product": {
"name": "acroread-plugin-0:8.1.3-1.i386",
"product_id": "acroread-plugin-0:8.1.3-1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@8.1.3-1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:8.1.3-1.i386",
"product": {
"name": "acroread-0:8.1.3-1.i386",
"product_id": "acroread-0:8.1.3-1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@8.1.3-1?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
"product_id": "3AS-LACD:acroread-0:8.1.3-1.i386"
},
"product_reference": "acroread-0:8.1.3-1.i386",
"relates_to_product_reference": "3AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
"product_id": "3AS-LACD:acroread-plugin-0:8.1.3-1.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.i386",
"relates_to_product_reference": "3AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Desktop version 3 Extras",
"product_id": "3Desktop-LACD:acroread-0:8.1.3-1.i386"
},
"product_reference": "acroread-0:8.1.3-1.i386",
"relates_to_product_reference": "3Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Desktop version 3 Extras",
"product_id": "3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.i386",
"relates_to_product_reference": "3Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
"product_id": "3ES-LACD:acroread-0:8.1.3-1.i386"
},
"product_reference": "acroread-0:8.1.3-1.i386",
"relates_to_product_reference": "3ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
"product_id": "3ES-LACD:acroread-plugin-0:8.1.3-1.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.i386",
"relates_to_product_reference": "3ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
"product_id": "3WS-LACD:acroread-0:8.1.3-1.i386"
},
"product_reference": "acroread-0:8.1.3-1.i386",
"relates_to_product_reference": "3WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
"product_id": "3WS-LACD:acroread-plugin-0:8.1.3-1.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.i386",
"relates_to_product_reference": "3WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-0:8.1.3-1.el5.i386"
},
"product_reference": "acroread-0:8.1.3-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-0:8.1.3-1.el5.i386"
},
"product_reference": "acroread-0:8.1.3-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.3-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
},
"product_reference": "acroread-plugin-0:8.1.3-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-2549",
"discovery_date": "2008-06-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "450078"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: crash and possible code execution",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2549"
},
{
"category": "external",
"summary": "RHBZ#450078",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=450078"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2549",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2549"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2549",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2549"
}
],
"release_date": "2008-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: crash and possible code execution"
},
{
"cve": "CVE-2008-2992",
"discovery_date": "2008-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "469877"
}
],
"notes": [
{
"category": "description",
"text": "Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Reader: JavaScript util.printf() function buffer overflow",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2992"
},
{
"category": "external",
"summary": "RHBZ#469877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469877"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2992",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2992"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2992",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2992"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2008-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-03T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "Reader: JavaScript util.printf() function buffer overflow"
},
{
"cve": "CVE-2008-4812",
"discovery_date": "2008-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "469875"
}
],
"notes": [
{
"category": "description",
"text": "Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Reader: embedded font handling out-of-bounds array indexing",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4812"
},
{
"category": "external",
"summary": "RHBZ#469875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469875"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4812",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4812"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4812",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4812"
}
],
"release_date": "2008-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Reader: embedded font handling out-of-bounds array indexing"
},
{
"cve": "CVE-2008-4813",
"discovery_date": "2008-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "469876"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow remote attackers to execute arbitrary code via a crafted PDF document that (1) performs unspecified actions on a Collab object that trigger memory corruption, related to a GetCosObj method; or (2) contains a malformed PDF object that triggers memory corruption during parsing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Reader: PDF objects parsing and JavaScript getCosObj handling memory corruption flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4813"
},
{
"category": "external",
"summary": "RHBZ#469876",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469876"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4813",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4813"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4813"
}
],
"release_date": "2008-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Reader: PDF objects parsing and JavaScript getCosObj handling memory corruption flaw"
},
{
"cve": "CVE-2008-4814",
"discovery_date": "2008-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "469880"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an \"input validation issue.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Reader: arbitrary code execution via unspecified JavaScript method",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4814"
},
{
"category": "external",
"summary": "RHBZ#469880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469880"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4814",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4814"
}
],
"release_date": "2008-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Reader: arbitrary code execution via unspecified JavaScript method"
},
{
"cve": "CVE-2008-4815",
"discovery_date": "2008-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "469882"
}
],
"notes": [
{
"category": "description",
"text": "Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Reader: insecure RPATH flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4815"
},
{
"category": "external",
"summary": "RHBZ#469882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469882"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4815",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4815"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4815",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4815"
}
],
"release_date": "2008-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Reader: insecure RPATH flaw"
},
{
"cve": "CVE-2008-4817",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2008-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "469923"
}
],
"notes": [
{
"category": "description",
"text": "The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Reader: Download Manager input validation flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4817"
},
{
"category": "external",
"summary": "RHBZ#469923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=469923"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4817",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4817"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4817",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4817"
}
],
"release_date": "2008-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Reader: Download Manager input validation flaw"
},
{
"cve": "CVE-2009-0927",
"discovery_date": "2009-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618340"
}
],
"notes": [
{
"category": "description",
"text": "Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0927"
},
{
"category": "external",
"summary": "RHBZ#1618340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0927",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0927"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0927",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0927"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2009-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-11-12T17:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0974"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:acroread-0:8.1.3-1.i386",
"3AS-LACD:acroread-plugin-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-0:8.1.3-1.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.3-1.i386",
"3ES-LACD:acroread-0:8.1.3-1.i386",
"3ES-LACD:acroread-plugin-0:8.1.3-1.i386",
"3WS-LACD:acroread-0:8.1.3-1.i386",
"3WS-LACD:acroread-plugin-0:8.1.3-1.i386",
"4AS-LACD:acroread-0:8.1.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-0:8.1.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-0:8.1.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-0:8.1.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.3-1.el4.i386",
"5Client-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-0:8.1.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "security flaw"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…