CVE-2009-3955 - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

CVE CVE-2009-3955
Status Candidate
Description Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.
Severity High
CVSS score 10
CVSS vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Phase Assigned (21.08.2010)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3955
References BID : 37757
CERT : TA10-013A
CONFIRM : http://www.adobe.com/support/security/bulletins/ap...
CONFIRM : https://bugzilla.redhat.com/show_bug.cgi?id=554293
IDEFENSE : 20100113 Adobe Reader and Acrobat JpxDecode Memory Corruption Vulnerability
OVAL : oval:org.mitre.oval:def:8255
REDHAT : RHSA-2010:0060
SECTRACK : 1023446
SECUNIA : 38138
SECUNIA : 38215
SUSE : SUSE-SA:2010:008
VUPEN : ADV-2010-0103
XF : acrobat-reader-jpxdecode-code-exec(55553)
SecurityVulns: Adobe Acrobat and Reader multiple security vulnerabilities

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server