Computer Security
[EN] securityvulns.ru no-pyccku


Adobe reader multiple security vulnerabilities
Published:14.05.2009
Source:
SecurityVulns ID:9908
Type:remote
Threat Level:
7/10
Description:Vulnerabilities in different jkavascript methods.
Affected:ADOBE : Reader 8.1
 ADOBE : Acrobat 8.1
 ADOBE : Reader 9.1
 ADOBE : Acrobat 9.1
CVE:CVE-2009-1493 (The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 8.1.4 and 9.1 on Linux allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument.)
 CVE-2009-1492 (The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments.)
Original documentdocumentCERT, US-CERT Technical Cyber Security Alert TA09-133B -- Adobe Reader and Acrobat JavaScript Vulnerabilities (14.05.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod