CVE-2009-0927


CVSS 8.8 HIGH · EPSS 96.6% · KEV · CWE-121
In short

Adobe Reader and Acrobat have a flaw where a specially crafted PDF file can cause the application to crash or allow an attacker to run malicious code on your computer. The flaw lies in how the software handles a crafted argument passed to the getIcon method of its Collab object.

Technical detail

Stack-based buffer overflow in the Collab object's getIcon method in Adobe Reader/Acrobat 9.x, 8.x, and 7.x allows remote code execution via a malformed PDF. The vulnerability requires the victim to open a crafted PDF file; successful exploitation results in arbitrary code execution with user privileges.

Summary generated and translated by AI from the official description.
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3, and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a