Adobe Acrobat / Reader multiple security vulnerabilities
updated since 14.10.2009
Published: 19.10.2009
Source:
SecurityVulns ID: 10320
Type: remote
Threat Level: 8/10
Description: Multiple memory corruptions, array index overflows, etc.
Affected: ADOBE : Adobe Reader 8.1
 ADOBE : Adobe Reader 9.1
 ADOBE : Adobe Reader 7.1
CVE: CVE-2009-3459 (Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.)
 CVE-2009-3458 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2998.)
 CVE-2009-2998 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-3458.)
 CVE-2009-2997 (Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.)
 CVE-2009-2991 (Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and Acrobat 8.x before 8.1.7, and possibly 7.x before 7.1.4 and 9.x before 9.2, might allow remote attackers to execute arbitrary code via unknown vectors.)
 CVE-2009-2990 (Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors.)
 CVE-2009-2985 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2996.)
Original document: cocoruder, In-depth research on the recent PDF zero-day exploit (CVE-2009-3459) (19.10.2009)
 security_(at)_nruns.com, n.runs-SA-2009.007 - Adobe Acrobat - Invalid pointer write could lead to arbitrary code execution (17.10.2009)
 VUPEN Security Research, VUPEN Security - Adobe Acrobat and Reader U3D Filter Code Execution Vulnerabilities (17.10.2009)
 IDEFENSE, iDefense Security Advisory 10.13.09: Adobe Acrobat and Reader Firefox Plugin Use After Free Vulnerability (14.10.2009)
 ZDI, ZDI-09-073: Adobe Reader Compact Font Format Malformed Index Memory Corruption Vulnerability (14.10.2009)
 IDEFENSE, iDefense Security Advisory 10.13.09: Adobe Acrobat and Reader U3D File Invalid Array Index Vulnerability (14.10.2009)
 CERT, US-CERT Technical Cyber Security Alert TA09-286B -- Adobe Reader and Acrobat Vulnerabilities (14.10.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod