CVE-2009-0658

EUVD-2009-0661
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
adobeacrobat
7.0 ≤
𝑥
≤ 7.1.1
adobeacrobat
8.0 ≤
𝑥
≤ 8.1.4
adobeacrobat
9.0
adobeacrobat_reader
7.0 ≤
𝑥
≤ 7.1.1
adobeacrobat_reader
8.0 ≤
𝑥
≤ 8.1.4
adobeacrobat_reader
9.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
acroread
dapper
ignored
gutsy
dne
hardy
not-affected
intrepid
not-affected
jaunty
not-affected
Common Weakness Enumeration
References
http://isc.sans.org/diary.html?n&storyid=5902
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
http://osvdb.org/52073
http://secunia.com/advisories/33901
http://secunia.com/advisories/34392
http://secunia.com/advisories/34490
http://secunia.com/advisories/34706
http://secunia.com/advisories/34790
http://security.gentoo.org/glsa/glsa-200904-17.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1
http://www.adobe.com/support/security/advisories/apsa09-01.html
http://www.adobe.com/support/security/bulletins/apsb09-04.html
http://www.kb.cert.org/vuls/id/905281
http://www.redhat.com/support/errata/RHSA-2009-0376.html
http://www.securityfocus.com/bid/33751
http://www.securitytracker.com/id?1021739
http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219
http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99&tabid=2
http://www.us-cert.gov/cas/techalerts/TA09-051A.html
http://www.vupen.com/english/advisories/2009/0472
http://www.vupen.com/english/advisories/2009/1019
https://exchange.xforce.ibmcloud.com/vulnerabilities/48825
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5697
https://www.exploit-db.com/exploits/8090
https://www.exploit-db.com/exploits/8099
http://isc.sans.org/diary.html?n&storyid=5902
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
http://osvdb.org/52073
http://secunia.com/advisories/33901
http://secunia.com/advisories/34392
http://secunia.com/advisories/34490
http://secunia.com/advisories/34706
http://secunia.com/advisories/34790
http://security.gentoo.org/glsa/glsa-200904-17.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1
http://www.adobe.com/support/security/advisories/apsa09-01.html
http://www.adobe.com/support/security/bulletins/apsb09-04.html
http://www.kb.cert.org/vuls/id/905281
http://www.redhat.com/support/errata/RHSA-2009-0376.html
http://www.securityfocus.com/bid/33751
http://www.securitytracker.com/id?1021739
http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219
http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99&tabid=2
http://www.us-cert.gov/cas/techalerts/TA09-051A.html
http://www.vupen.com/english/advisories/2009/0472
http://www.vupen.com/english/advisories/2009/1019
https://exchange.xforce.ibmcloud.com/vulnerabilities/48825
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5697
https://www.exploit-db.com/exploits/8090
https://www.exploit-db.com/exploits/8099