Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10033
HistoryJun 09, 2009 - 12:00 a.m.

KLA10033 Multiple ACE vulnerabilities in Adobe Acrobat & Reader

2009-06-0900:00:00
Kaspersky Lab
threats.kaspersky.com
42

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.962

Percentile

99.5%

JSON

Multiple serious vulnerabilities have been found in Adobe Acrobat & Reader.

getAnnots and customDictionaryOpen methods in JavaScript API can be exploited to cause denial of service or execute arbitrary code through a specially designed pdf file.

Original advisories

Adobe bulletin

Exploitation

Public exploits exist for this vulnerability.

Related products

Adobe-Reader

Adobe-Acrobat

CVE list

CVE-2009-1493 high

CVE-2009-1492 critical

Solution

Update to latest version

Reader

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

  • Adobe Acrobat & Reader 9 versions 9.1 and earlierAdobe Acrobat & Reader 8 versions 8.1.4 and earlierAdobe Acrobat & Reader versions 7.1.1 and earlier

Related

nessus 11
openvas 14
securityvulns 2
threatpost 1
redhat 1
cert 1
suse 1
checkpoint_advisories 4
ubuntucve 2
cve 2
exploitdb 2
saint 8
nvd 2
cvelist 2
prion 2
gentoo 1
nessus
nessus
SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 6260)
2011-01-27 00:00:00
SuSE 11 Security Update : acroread_ja (SAT Patch Number 904)
2009-09-24 00:00:00
openSUSE Security Update : acroread (acroread-893)
2009-07-21 00:00:00
openvas
openvas
RedHat Security Advisory RHSA-2009:0478
2009-05-20 00:00:00
Adobe Reader Denial of Service Vulnerability (May 2009)
2009-05-11 00:00:00
Solaris Update for Adobe Acrobat Reader 121104-10
2009-10-13 00:00:00
securityvulns
securityvulns
Adobe reader multiple security vulnerabilities
2009-05-14 00:00:00
US-CERT Technical Cyber Security Alert TA09-133B -- Adobe Reader and Acrobat JavaScript Vulnerabilities
2009-05-14 00:00:00
threatpost
threatpost
Adobe joins Patch Tuesday barrage
2009-05-13 14:36:11
redhat
redhat
(RHSA-2009:0478) Critical: acroread security update
2009-05-13 00:00:00
cert
cert
Adobe Reader and Acrobat customDictionaryOpen() and getAnnots() JavaScript vulnerabilities
2009-04-29 00:00:00
suse
suse
remote code execution in acroread
2009-05-20 18:01:50
checkpoint_advisories
checkpoint_advisories
Preemptive Protection against Adobe Reader JavaScript getAnnots Method Memory Corruption Vulnerability
2009-05-03 00:00:00
Adobe Acrobat getAnnots Remote Code Execution - Ver2 (CVE-2009-1492)
2015-05-18 00:00:00
Adobe Acrobat Reader customDictionaryOpen Memory Corruption - Ver2 (CVE-2009-1493)
2014-03-03 00:00:00
ubuntucve
ubuntucve
CVE-2009-1492
2009-04-30 00:00:00
CVE-2009-1493
2009-04-30 00:00:00
cve
cve
CVE-2009-1492
2009-04-30 20:30:00
CVE-2009-1493
2009-04-30 20:30:00
exploitdb
exploitdb
Adobe Reader 8.1.4/9.1 - 'GetAnnots()' Remote Code Execution
2009-04-29 00:00:00
Adobe 8.1.4/9.1 - 'customDictionaryOpen()' Code Execution
2009-04-29 00:00:00
saint
saint
Adobe Reader Javascript API getAnnots method vulnerability
2009-05-29 00:00:00
Adobe Reader Javascript API getAnnots method vulnerability
2009-05-29 00:00:00
Adobe Reader Javascript API getAnnots method vulnerability
2009-05-29 00:00:00
nvd
nvd
CVE-2009-1492
2009-04-30 20:30:00
CVE-2009-1493
2009-04-30 20:30:00
cvelist
cvelist
CVE-2009-1492
2009-04-30 20:00:00
CVE-2009-1493
2009-04-30 20:00:00
prion
prion
Authentication flaw
2009-04-30 20:30:00
Memory corruption
2009-04-30 20:30:00
gentoo
gentoo
Adobe Reader: User-assisted execution of arbitrary code
2009-07-12 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.962

Percentile

99.5%

JSON
Related for KLA10033
nessus11openvas14securityvulns2threatpost1redhat1cert1suse1checkpoint_advisories4ubuntucve2cve2exploitdb2saint8nvd2cvelist2prion2gentoo1