CVE-2009-1492

EUVD-2009-1489
The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
Affected Products (NVD)
VendorProductVersion
adobeacrobat
7.0 ≤
𝑥
≤ 7.1.1
adobeacrobat
8.0 ≤
𝑥
≤ 8.1.4
adobeacrobat
9.0 ≤
𝑥
≤ 9.1
adobeacrobat_reader
7.0 ≤
𝑥
≤ 7.1.1
adobeacrobat_reader
8.0 ≤
𝑥
≤ 8.1.4
adobeacrobat_reader
9.0 ≤
𝑥
≤ 9.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
acroread
dapper
ignored
hardy
Fixed 9.1.2-0hardy3
released
intrepid
Fixed 9.1.2-3intrepid1
released
jaunty
Fixed 9.1.2-3jaunty1
released
karmic
Fixed 9.2-1karmic1
released
Common Weakness Enumeration
References
http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html
http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
http://osvdb.org/54130
http://packetstorm.linuxsecurity.com/0904-exploits/getannots.txt
http://secunia.com/advisories/34924
http://secunia.com/advisories/35055
http://secunia.com/advisories/35096
http://secunia.com/advisories/35152
http://secunia.com/advisories/35358
http://secunia.com/advisories/35416
http://secunia.com/advisories/35734
http://security.gentoo.org/glsa/glsa-200907-06.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953
http://www.adobe.com/support/security/bulletins/apsb09-06.html
http://www.kb.cert.org/vuls/id/970180
http://www.redhat.com/support/errata/RHSA-2009-0478.html
http://www.securityfocus.com/bid/34736
http://www.securitytracker.com/id?1022139
http://www.us-cert.gov/cas/techalerts/TA09-133B.html
http://www.vupen.com/english/advisories/2009/1189
http://www.vupen.com/english/advisories/2009/1317
https://exchange.xforce.ibmcloud.com/vulnerabilities/50145
https://www.exploit-db.com/exploits/8569
http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html
http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
http://osvdb.org/54130
http://packetstorm.linuxsecurity.com/0904-exploits/getannots.txt
http://secunia.com/advisories/34924
http://secunia.com/advisories/35055
http://secunia.com/advisories/35096
http://secunia.com/advisories/35152
http://secunia.com/advisories/35358
http://secunia.com/advisories/35416
http://secunia.com/advisories/35734
http://security.gentoo.org/glsa/glsa-200907-06.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953
http://www.adobe.com/support/security/bulletins/apsb09-06.html
http://www.kb.cert.org/vuls/id/970180
http://www.redhat.com/support/errata/RHSA-2009-0478.html
http://www.securityfocus.com/bid/34736
http://www.securitytracker.com/id?1022139
http://www.us-cert.gov/cas/techalerts/TA09-133B.html
http://www.vupen.com/english/advisories/2009/1189
http://www.vupen.com/english/advisories/2009/1317
https://exchange.xforce.ibmcloud.com/vulnerabilities/50145
https://www.exploit-db.com/exploits/8569