CVE-2009-1855

EUVD-2009-1850
Stack-based buffer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via a PDF file containing a malformed U3D model file with a crafted extension block.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Affected Products (NVD)
VendorProductVersion
adobeacrobat
7.0
adobeacrobat
7.0
adobeacrobat
7.0
adobeacrobat
7.0.1
adobeacrobat
7.0.1
adobeacrobat
7.0.1
adobeacrobat
7.0.2
adobeacrobat
7.0.2
adobeacrobat
7.0.2
adobeacrobat
7.0.3
adobeacrobat
7.0.3
adobeacrobat
7.0.3
adobeacrobat
7.0.4
adobeacrobat
7.0.4
adobeacrobat
7.0.4
adobeacrobat
7.0.5
adobeacrobat
7.0.5
adobeacrobat
7.0.5
adobeacrobat
7.0.6
adobeacrobat
7.0.6
adobeacrobat
7.0.6
adobeacrobat
7.0.7
adobeacrobat
7.0.7
adobeacrobat
7.0.7
adobeacrobat
7.0.8
adobeacrobat
7.0.8
adobeacrobat
7.0.8
adobeacrobat
7.0.8
adobeacrobat
7.0.9
adobeacrobat
7.0.9
adobeacrobat
7.1
adobeacrobat
7.1
adobeacrobat
7.1
adobeacrobat
7.1.0
adobeacrobat
7.1.1
adobeacrobat
7.1.1
adobeacrobat
8.0
adobeacrobat
8.0
adobeacrobat
8.0
adobeacrobat
8.1
adobeacrobat
8.1
adobeacrobat
8.1.1
adobeacrobat
8.1.1
adobeacrobat
8.1.1
adobeacrobat
8.1.2
adobeacrobat
8.1.2
adobeacrobat
8.1.2
adobeacrobat
8.1.2:security_update
adobeacrobat
8.1.3
adobeacrobat
8.1.3
adobeacrobat
8.1.3
adobeacrobat
8.1.4
adobeacrobat
8.1.4
adobeacrobat
8.1.4
adobeacrobat
9.0
adobeacrobat
9.0
adobeacrobat
9.0.0
adobeacrobat
9.1
adobeacrobat
9.1
adobeacrobat_reader
7.0
adobeacrobat_reader
7.0.1
adobeacrobat_reader
7.0.2
adobeacrobat_reader
7.0.3
adobeacrobat_reader
7.0.4
adobeacrobat_reader
7.0.5
adobeacrobat_reader
7.0.6
adobeacrobat_reader
7.0.7
adobeacrobat_reader
7.0.8
adobeacrobat_reader
7.0.9
adobeacrobat_reader
7.1
adobeacrobat_reader
7.1.1
adobeacrobat_reader
8.0
adobeacrobat_reader
8.1
adobeacrobat_reader
8.1.1
adobeacrobat_reader
8.1.2
adobeacrobat_reader
8.1.2:security_update
adobeacrobat_reader
8.1.3
adobeacrobat_reader
8.1.4
adobeacrobat_reader
8.1.5
adobeacrobat_reader
9.1
adobeacrobat_reader
9.1.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
acroread
dapper
ignored
hardy
Fixed 9.1.2-0hardy3
released
intrepid
Fixed 9.1.2-3intrepid1
released
jaunty
Fixed 9.1.2-3jaunty1
released
karmic
Fixed 9.2-1karmic1
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://secunia.com/advisories/34580
http://secunia.com/advisories/35496
http://secunia.com/advisories/35655
http://secunia.com/advisories/35685
http://secunia.com/advisories/35734
http://security.gentoo.org/glsa/glsa-200907-06.xml
http://securitytracker.com/id?1022361
http://www.adobe.com/support/security/bulletins/apsb09-07.html
http://www.redhat.com/support/errata/RHSA-2009-1109.html
http://www.securityfocus.com/archive/1/504229/100/0/threaded
http://www.securityfocus.com/bid/35274
http://www.securityfocus.com/bid/35282
http://www.us-cert.gov/cas/techalerts/TA09-161A.html
http://www.vupen.com/english/advisories/2009/1547
http://www.zerodayinitiative.com/advisories/ZDI-09-042
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://secunia.com/advisories/34580
http://secunia.com/advisories/35496
http://secunia.com/advisories/35655
http://secunia.com/advisories/35685
http://secunia.com/advisories/35734
http://security.gentoo.org/glsa/glsa-200907-06.xml
http://securitytracker.com/id?1022361
http://www.adobe.com/support/security/bulletins/apsb09-07.html
http://www.redhat.com/support/errata/RHSA-2009-1109.html
http://www.securityfocus.com/archive/1/504229/100/0/threaded
http://www.securityfocus.com/bid/35274
http://www.securityfocus.com/bid/35282
http://www.us-cert.gov/cas/techalerts/TA09-161A.html
http://www.vupen.com/english/advisories/2009/1547
http://www.zerodayinitiative.com/advisories/ZDI-09-042