Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:AA296E365F7326125870EB3DED9B1E5C
HistoryMay 12, 2009 - 12:00 a.m.

Adobe Reader Javascript API spell.customDictonaryOpen memory corruption

2009-05-1200:00:00
SAINT Corporation
www.saintcorporation.com
13

EPSS

0.909

Percentile

98.9%

JSON

Added: 05/12/2009
CVE: CVE-2009-1493
BID: 34740
OSVDB: 54129

Background

Adobe Reader is free software for viewing PDF documents.

Problem

A memory corruption vulnerability in the Javascript API in Adobe Reader allows command execution when a user opens a specially crafted PDF file which calls the **spell.customDictionaryOpen** method.

Resolution

Apply the patches referenced in APSB09-06.

References

<http://www.kb.cert.org/vuls/id/970180&gt;

Limitations

Exploit works on Adobe Reader 8.1.3 and 9.1 on Ubuntu 8.04.1 and Red Hat Enterprise Linux 5 with Exec-Shield enabled. Note that binary files AdbeRdr9.1.0-1_i486linux_enu.bin and AdobeReader_enu-8.1.3-1.i486.tar.gz from the official site of the vendor were used to develop this exploit.

Platforms

Linux

Related

checkpoint_advisories 2
cvelist 1
ubuntucve 1
nvd 1
saint 3
prion 1
exploitdb 1
cve 1
nessus 9
openvas 11
securityvulns 2
cert 1
redhat 1
suse 1
kaspersky 1
threatpost 1
gentoo 1
checkpoint_advisories
checkpoint_advisories
Adobe Acrobat Reader customDictionaryOpen Memory Corruption - Ver2 (CVE-2009-1493)
2014-03-03 00:00:00
Adobe Reader JavaScript spell.customDictionaryOpen Method Memory Corruption - Ver2 (CVE-2009-1493)
2014-03-03 00:00:00
cvelist
cvelist
CVE-2009-1493
2009-04-30 20:00:00
ubuntucve
ubuntucve
CVE-2009-1493
2009-04-30 00:00:00
nvd
nvd
CVE-2009-1493
2009-04-30 20:30:00
saint
saint
Adobe Reader Javascript API spell.customDictonaryOpen memory corruption
2009-05-12 00:00:00
Adobe Reader Javascript API spell.customDictonaryOpen memory corruption
2009-05-12 00:00:00
Adobe Reader Javascript API spell.customDictonaryOpen memory corruption
2009-05-12 00:00:00
prion
prion
Memory corruption
2009-04-30 20:30:00
exploitdb
exploitdb
Adobe 8.1.4/9.1 - &#039;customDictionaryOpen()&#039; Code Execution
2009-04-29 00:00:00
cve
cve
CVE-2009-1493
2009-04-30 20:30:00
nessus
nessus
SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 6260)
2011-01-27 00:00:00
openSUSE Security Update : acroread (acroread-893)
2009-07-21 00:00:00
openSUSE 10 Security Update : acroread (acroread-6258)
2009-05-22 00:00:00
openvas
openvas
RedHat Security Advisory RHSA-2009:0478
2009-05-20 00:00:00
Solaris Update for Adobe Acrobat Reader 121104-10
2009-10-13 00:00:00
RedHat Security Advisory RHSA-2009:0478
2009-05-20 00:00:00
securityvulns
securityvulns
Adobe reader multiple security vulnerabilities
2009-05-14 00:00:00
US-CERT Technical Cyber Security Alert TA09-133B -- Adobe Reader and Acrobat JavaScript Vulnerabilities
2009-05-14 00:00:00
cert
cert
Adobe Reader and Acrobat customDictionaryOpen() and getAnnots() JavaScript vulnerabilities
2009-04-29 00:00:00
redhat
redhat
(RHSA-2009:0478) Critical: acroread security update
2009-05-13 00:00:00
suse
suse
remote code execution in acroread
2009-05-20 18:01:50
kaspersky
kaspersky
KLA10033 Multiple ACE vulnerabilities in Adobe Acrobat & Reader
2009-06-09 00:00:00
threatpost
threatpost
Adobe joins Patch Tuesday barrage
2009-05-13 14:36:11
gentoo
gentoo
Adobe Reader: User-assisted execution of arbitrary code
2009-07-12 00:00:00

EPSS

0.909

Percentile

98.9%

JSON
Related for SAINT:AA296E365F7326125870EB3DED9B1E5C
checkpoint_advisories2cvelist1ubuntucve1nvd1saint3prion1exploitdb1cve1nessus9openvas11securityvulns2cert1redhat1suse1kaspersky1threatpost1gentoo1