Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0928

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2009-0928
Last Modified 25 Oct 2010 04:51:48
Published 24 Mar 2009 09:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-0928

Summary

Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat Professional 7.1.0, 8.1.3, 9.0.0, and other versions allows remote attackers to execute arbitrary code via a PDF file containing a JBIG2 stream with a size inconsistency related to an unspecified table.

Vulnerable Systems

Application

  • Adobe Acrobat 3.0

  • Adobe Acrobat 3.1

  • Adobe Acrobat 4.0

  • Adobe Acrobat 4.0.5

  • Adobe Acrobat 4.0.5a

  • Adobe Acrobat 4.0.5c

  • Adobe Acrobat 5.0

  • Adobe Acrobat 5.0.10

  • Adobe Acrobat 5.0.5

  • Adobe Acrobat 5.0.6

  • Adobe Acrobat 6.0

  • Adobe Acrobat 6.0.1

  • Adobe Acrobat 6.0.2

  • Adobe Acrobat 6.0.3

  • Adobe Acrobat 6.0.4

  • Adobe Acrobat 6.0.5

  • Adobe Acrobat 6.0.6

  • Adobe Acrobat 7.0

  • Adobe Acrobat 7.0.1

  • Adobe Acrobat 7.0.2

  • Adobe Acrobat 7.0.3

  • Adobe Acrobat 7.0.4

  • Adobe Acrobat 7.0.5

  • Adobe Acrobat 7.0.6

  • Adobe Acrobat 7.0.7

  • Adobe Acrobat 7.0.8

  • Adobe Acrobat 7.0.9

  • Adobe Acrobat 7.1.0

  • Adobe Acrobat 7.1.1

  • Adobe Acrobat 7.1.2

  • Adobe Acrobat 7.1.3

  • Adobe Acrobat 7.1.4

  • Adobe Acrobat 8.0.0

  • Adobe Acrobat 8.1

  • Adobe Acrobat 8.1.1

  • Adobe Acrobat 8.1.2

  • Adobe Acrobat 8.1.3

  • Adobe Acrobat 8.1.4

  • Adobe Acrobat 8.1.5

  • Adobe Acrobat 8.1.6

  • Adobe Acrobat 8.1.7

  • Adobe Acrobat 8.2

  • Adobe Acrobat 8.2.1

  • Adobe Acrobat 8.2.2

  • Adobe Acrobat 8.2.3

  • Adobe Acrobat 8.2.4

  • Adobe Acrobat 9.0

  • Adobe Acrobat Reader 3.0

  • Adobe Acrobat Reader 3.01

  • Adobe Acrobat Reader 3.02

  • Adobe Acrobat Reader 4.0

  • Adobe Acrobat Reader 4.0.5

  • Adobe Acrobat Reader 4.0.5a

  • Adobe Acrobat Reader 4.0.5c

  • Adobe Acrobat Reader 4.5

  • Adobe Acrobat Reader 5.0

  • Adobe Acrobat Reader 5.0.10

  • Adobe Acrobat Reader 5.0.11

  • Adobe Acrobat Reader 5.0.5

  • Adobe Acrobat Reader 5.0.6

  • Adobe Acrobat Reader 5.0.7

  • Adobe Acrobat Reader 5.0.9

  • Adobe Acrobat Reader 5.1

  • Adobe Acrobat Reader 6.0

  • Adobe Acrobat Reader 6.0.1

  • Adobe Acrobat Reader 6.0.2

  • Adobe Acrobat Reader 6.0.3

  • Adobe Acrobat Reader 6.0.4

  • Adobe Acrobat Reader 6.0.5

  • Adobe Acrobat Reader 6.0.6

  • Adobe Acrobat Reader 7.0

  • Adobe Acrobat Reader 7.0.1

  • Adobe Acrobat Reader 7.0.2

  • Adobe Acrobat Reader 7.0.3

  • Adobe Acrobat Reader 7.0.4

  • Adobe Acrobat Reader 7.0.5

  • Adobe Acrobat Reader 7.0.6

  • Adobe Acrobat Reader 7.0.7

  • Adobe Acrobat Reader 7.0.8

  • Adobe Acrobat Reader 7.0.9

  • Adobe Acrobat Reader 7.1.0

  • Adobe Acrobat Reader 7.1.1

  • Adobe Acrobat Reader 7.1.2

  • Adobe Acrobat Reader 7.1.3

  • Adobe Acrobat Reader 7.1.4

  • Adobe Acrobat Reader 8.0

  • Adobe Acrobat Reader 8.1

  • Adobe Acrobat Reader 8.1.1

  • Adobe Acrobat Reader 8.1.2

  • Adobe Acrobat Reader 8.1.4

  • Adobe Acrobat Reader 8.1.5

  • Adobe Acrobat Reader 8.1.6

  • Adobe Acrobat Reader 8.1.7

  • Adobe Acrobat Reader 8.2

  • Adobe Acrobat Reader 8.2.1

  • Adobe Acrobat Reader 8.2.2

  • Adobe Acrobat Reader 8.2.3

  • Adobe Acrobat Reader 8.2.4

  • Adobe Acrobat Reader 9.0


References

VUPEN - ADV-2009-1019

SECTRACK - 1021892

BID - 34229

REDHAT - RHSA-2009:0376

CONFIRM - http://www.adobe.com/support/security/bulletins/apsb09-04.html

SUNALERT - 256788

GENTOO - GLSA-200904-17

SECUNIA - 34790

SECUNIA - 34706

SECUNIA - 34490

SECUNIA - 34392

SUSE - SUSE-SR:2009:009

SUSE - SUSE-SA:2009:014

IDEFENSE - 20090324 Adobe Reader and Acrobat JBIG2 Encoded Stream Heap Overflow Vulnerability

Related Patches

Adobe APSB09-03 APSB09-04 Reader 8.1.4 Security Update for Macintosh (PPC)


Last Updated: 27 May 2016 10:50:25