Lucene search
SAINT CorporationSAINT:19D92BD2ABAFAA8C8FDB89798EE599D5HistoryOct 27, 2009 - 12:00 a.m.
Adobe Reader FlateDecode filter TIFF Predictor integer overflow
2009-10-2700:00:00
SAINT Corporation
download.saintcorporation.com
40
EPSS
0.973
Percentile
99.9%
Added: 10/27/2009
CVE: CVE-2009-3459
BID: 36600
OSVDB: 58729
Background
Adobe Reader is free software for viewing PDF documents.
Problem
An integer overflow in the FlateDecode filter in Adobe Reader allows command execution when a user opens a PDF file containing specially crafted compressed objects which use the TIFF predictor.
Resolution
Upgrade to Adobe Reader 9.2 or higher.
References
<http://www.adobe.com/support/security/bulletins/apsb09-15.html>
<http://www.us-cert.gov/cas/techalerts/TA09-286B.html>
Limitations
Exploit works on Adobe Reader 9.1 and requires a user to open the exploit file in Adobe Reader.
Due to the nature of the vulnerability, the success of the exploit depends on the state of the target.
Platforms
Windows
Related
packetstorm
packetstorm
Adobe FlateDecode Stream Predictor 02 Integer Overflow
2009-12-31 00:00:00
Adobe FlateDecode Stream Predictor 02 Integer Overflow
2009-12-31 00:00:00
metasploit
metasploit
Adobe FlateDecode Stream Predictor 02 Integer Overflow
2009-12-16 03:32:44
Adobe FlateDecode Stream Predictor 02 Integer Overflow
2009-12-16 20:37:57
saint
saint
Adobe Reader FlateDecode filter TIFF Predictor integer overflow
2009-10-27 00:00:00
Adobe Reader FlateDecode filter TIFF Predictor integer overflow
2009-10-27 00:00:00
Adobe Reader FlateDecode filter TIFF Predictor integer overflow
2009-10-27 00:00:00
cve
cve
CVE-2009-3459
2009-10-13 10:30:00
nvd
nvd
CVE-2009-3459
2009-10-13 10:30:00
checkpoint_advisories
checkpoint_advisories
ubuntucve
ubuntucve
CVE-2009-3459
2009-10-13 00:00:00
securityvulns
securityvulns
In-depth research on the recent PDF zero-day exploit (CVE-2009-3459)
2009-10-19 00:00:00
Adobe Acrobat / Reader multiple security vulnerabilities
2009-10-19 00:00:00
prion
prion
Heap overflow
2009-10-13 10:30:00
cvelist
cvelist
CVE-2009-3459
2009-10-13 10:00:00
seebug
seebug
Adobe Acrobat ReaderθΏη¨δ»£η ζ§θ‘ζΌζ΄
2009-10-09 00:00:00
Adobe Reader: Multiple vulnerabilities
2009-10-27 00:00:00
exploitdb
exploitdb
Adobe - FlateDecode Stream Predictor 02 Integer Overflow (Metasploit) (2)
2010-09-25 00:00:00
Adobe - FlateDecode Stream Predictor 02 Integer Overflow (Metasploit) (1)
2010-09-20 00:00:00
openvas
openvas
RedHat Security Advisory RHSA-2009:1499
2009-10-19 00:00:00
RedHat Security Advisory RHSA-2009:1499
2009-10-19 00:00:00
Gentoo Security Advisory GLSA 200910-03 (acroread)
2009-10-27 00:00:00
redhat
redhat
(RHSA-2009:1499) Critical: acroread security update
2009-10-14 00:00:00
nessus
nessus
RHEL 3 / 4 / 5 : acroread (RHSA-2009:1499)
2009-10-15 00:00:00
GLSA-200910-03 : Adobe Reader: Multiple vulnerabilities
2009-10-26 00:00:00
SuSE 11 Security Update : acroread_ja (SAT Patch Number 1424)
2009-10-26 00:00:00
gentoo
gentoo
Adobe Reader: Multiple vulnerabilities
2009-10-25 00:00:00
suse
suse
remote code execution in acroread, acroread_ja
2009-10-26 13:17:31