CVE-2009-3459

Executive Summary

Informations
Name	CVE-2009-3459	First vendor Publication	2009-10-13
Vendor	Cve	Last vendor Modification	2010-08-21

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3459

CWE : Common Weakness Enumeration

id	Name
CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:6534

Oval ID:	oval:org.mitre.oval:def:6534
Title:	Adobe Reader and Acrobat allow to execute arbitrary code via a crafted PDF file
Description:	Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-3459	Version:	11
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 7 Adobe Reader 7 Series is installed AND Adobe Reader 7, the sub-version is vulnerable Adobe Reader is less than 7.1.4 AND Adobe Reader library is less than 7.1.4.2009100300 OR Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than 8.1.7 AND Adobe Reader library is less than 8.1.7.59 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than 9.2.0 AND Adobe Reader library is less than 9.1.0.2009022700 OR Adobe Acrobat 7 Adobe Acrobat 7 Series is installed AND Adobe Acrobat 7, the sub-version is vulnerable Adobe Acrobat is less than 7.1.4 AND Adobe Acrobat library is less than 7.1.4.2009100300 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 8.1.7 AND Adobe Acrobat library is less than 8.1.7.59 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 9.2.0 AND Adobe Acrobat library is less than 9.1.0.2009022700

CPE : Common Platform Enumeration

Type	Description	Count
Application	Adobe Acrobat cpe:/a:adobe:acrobat:9.1.3 cpe:/a:adobe:acrobat:9.1.2 cpe:/a:adobe:acrobat:9.1.1 cpe:/a:adobe:acrobat:9.1 cpe:/a:adobe:acrobat:9.0.0 cpe:/a:adobe:acrobat:9 cpe:/a:adobe:acrobat:8.1.6 cpe:/a:adobe:acrobat:8.1.4 cpe:/a:adobe:acrobat:8.1.3 cpe:/a:adobe:acrobat:8.1.2 cpe:/a:adobe:acrobat:8.1.1 cpe:/a:adobe:acrobat:8.1 cpe:/a:adobe:acrobat:8.0.0 cpe:/a:adobe:acrobat:7.1.3 cpe:/a:adobe:acrobat:7.0.9 cpe:/a:adobe:acrobat:7.0.8 cpe:/a:adobe:acrobat:7.0.7 cpe:/a:adobe:acrobat:7.0.6 cpe:/a:adobe:acrobat:7.0.5 cpe:/a:adobe:acrobat:7.0.4 cpe:/a:adobe:acrobat:7.0.3 cpe:/a:adobe:acrobat:7.0.2 cpe:/a:adobe:acrobat:7.0.1 cpe:/a:adobe:acrobat:7.0 cpe:/a:adobe:acrobat:6.0.5 cpe:/a:adobe:acrobat:6.0.4 cpe:/a:adobe:acrobat:6.0.3 cpe:/a:adobe:acrobat:6.0.2 cpe:/a:adobe:acrobat:6.0.1 cpe:/a:adobe:acrobat:6.0 cpe:/a:adobe:acrobat:5.0.6 cpe:/a:adobe:acrobat:5.0.5 cpe:/a:adobe:acrobat:5.0.10 cpe:/a:adobe:acrobat:5.0 cpe:/a:adobe:acrobat:4.0.5c cpe:/a:adobe:acrobat:4.0.5a cpe:/a:adobe:acrobat:4.0.5 cpe:/a:adobe:acrobat:4.0 cpe:/a:adobe:acrobat:3.1 cpe:/a:adobe:acrobat:3.0	40
Application	Adobe Reader cpe:/a:adobe:reader:9.1.3 cpe:/a:adobe:reader:9.1.2 cpe:/a:adobe:reader:9.1 cpe:/a:adobe:reader:9.0 cpe:/a:adobe:reader:8.1.6 cpe:/a:adobe:reader:8.1.4 cpe:/a:adobe:reader:8.1.2 cpe:/a:adobe:reader:8.1.1 cpe:/a:adobe:reader:7.1.3 cpe:/a:adobe:reader:7.1.1 cpe:/a:adobe:reader:7.1.0 cpe:/a:adobe:reader:7.0.9 cpe:/a:adobe:reader:7.0.8 cpe:/a:adobe:reader:7.0.7 cpe:/a:adobe:reader:7.0.5 cpe:/a:adobe:reader:7.0.3 cpe:/a:adobe:reader:7.0.2 cpe:/a:adobe:reader:7.0.1 cpe:/a:adobe:reader:6.0.5 cpe:/a:adobe:reader:6.0.4 cpe:/a:adobe:reader:6.0.3 cpe:/a:adobe:reader:6.0.2 cpe:/a:adobe:reader:6.0.1 cpe:/a:adobe:reader:6.0 cpe:/a:adobe:reader:5.1 cpe:/a:adobe:reader:5.0.9 cpe:/a:adobe:reader:5.0.7 cpe:/a:adobe:reader:5.0.6 cpe:/a:adobe:reader:5.0.5 cpe:/a:adobe:reader:5.0.11 cpe:/a:adobe:reader:5.0.10 cpe:/a:adobe:reader:5.0 cpe:/a:adobe:reader:4.5 cpe:/a:adobe:reader:4.0.5c cpe:/a:adobe:reader:4.0.5a cpe:/a:adobe:reader:4.0.5 cpe:/a:adobe:reader:4.0 cpe:/a:adobe:reader:3.0	38

SAINT Exploits

Description	Link
Adobe Reader FlateDecode filter TIFF Predictor integer overflow	More info here

Open Source Vulnerability Database (OSVDB)

id	Description
58729	Adobe Reader / Acrobat ParamX Parameter PDF File Handling Overflow

Metasploit Database

id	Description
2009-10-08	Adobe FlateDecode Stream Predictor 02 Integer Overflow
2009-10-08	Adobe FlateDecode Stream Predictor 02 Integer Overflow

Internal Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/36600
CERT	http://www.us-cert.gov/cas/techalerts/TA09-286B.html
CONFIRM	http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html http://www.adobe.com/support/security/bulletins/apsb09-15.html
ISS	http://www.iss.net/threats/348.html
MISC	http://isc.sans.org/diary.html?storyid=7300
SECTRACK	http://securitytracker.com/id?1023007
SECUNIA	http://secunia.com/advisories/36983
VUPEN	http://www.vupen.com/english/advisories/2009/2851 http://www.vupen.com/english/advisories/2009/2898
XF	http://xforce.iss.net/xforce/xfdb/53691

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-10 23:58:24	Multiple Updates

Type	Count
Oval ID(s)	1
CPE ID(s)	78
Saint Exploit(s)	1
osvdb(s)	1
Metasploit Exploit(s)	2

Related	Severity
TA09-286B	(Critical)
SUN-270669	(Critical)
RHSA-2009:1499	(Critical)
GLSA-200910-03	(Critical)

Same Subject	Severity
Login to view 29 more Alert(s)

CVE-2009-3459

Executive Summary

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

SAINT Exploits

Open Source Vulnerability Database (OSVDB)

Metasploit Database

Internal Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU