CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.5%
Added: 05/29/2009
CVE: CVE-2009-1492
BID: 34736
OSVDB: 54130
Adobe Reader is free software for viewing PDF documents.
A vulnerability in the Javascript API allows command execution when a user opens a PDF file which calls the **getAnnots**
method with specially crafted arguments.
Apply one of the patches referenced in APSB09-06.
<http://www.kb.cert.org/vuls/id/970180>
Exploit works on Adobe Reader 8.1.3 and 9.1 and requires a user to open the exploit file in Adobe Reader.
Due to the nature of the vulnerability, the success of the exploit depends on the state of the target system’s memory.
Linux