CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
98.9%
Added: 05/12/2009
CVE: CVE-2009-1493
BID: 34740
OSVDB: 54129
Adobe Reader is free software for viewing PDF documents.
A memory corruption vulnerability in the Javascript API in Adobe Reader allows command execution when a user opens a specially crafted PDF file which calls the **spell.customDictionaryOpen**
method.
Apply the patches referenced in APSB09-06.
<http://www.kb.cert.org/vuls/id/970180>
Exploit works on Adobe Reader 8.1.3 and 9.1 on Ubuntu 8.04.1 and Red Hat Enterprise Linux 5 with Exec-Shield enabled. Note that binary files AdbeRdr9.1.0-1_i486linux_enu.bin and AdobeReader_enu-8.1.3-1.i486.tar.gz from the official site of the vendor were used to develop this exploit.
Linux