Published: 19/03/2009 Updated: 08/11/2018

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 950

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 prior to 9.1, 8 prior to 8.1.3 , and 7 prior to 7.1.1 allows remote malicious users to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.

Vulnerable Product	Search on Vulmon	Subscribe to Product
adobe acrobat reader

Synopsis Critical: acroread security update Type/Severity Security Advisory: Critical Topic Updated acroread packages that fix various security issues are nowavailable for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4Extras, and Red Hat Enterprise Linux 5 SupplementaryThis update has been r ...

## # $Id: adobe_geticonrb 10477 2010-09-25 11:59:02Z mc $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' require 'zl ...

Affected Version : Acrobat Reader 812 - 90 Vendor Patch : wwwadobecom/support/security/bulletins/apsb09-04html Tested On : XP SP2 / SP3 from ZDI : wwwzerodayinitiativecom/advisories/ZDI-09-014/ This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat ...

#!/usr/bin/env python # # *** Acrobat Reader - Collab getIcon universal exploiter *** # evil_pdfpy, tested on Operating Systems: # Windows XP SP3 English/French # Windows 2003 SP2 English # with Application versions: # Adobe Reader 900/812 English/French # Test methods: # Standalone PDF, embedded PDF in Firefox 3013 and Internet Explorer 7 # ...

## # $Id: adobe_geticonrb 9179 2010-04-30 08:40:19Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' require ' ...

###たのしいバイナリの歩き方書籍「たのしいバイナリの歩き方」で使用するプログラム一式です。右のサイドバーにある「Download ZIP」をクリックするとすべてのファイルをダウンロードできます。出版社ページ gihyojp/book/2013/978-4-7741-5918-8 著者ブログ（書籍には書けなかった�

Japan Quake Spam leads to Malware Part 3

Securelist • Nicolas Brulez • 21 Mar 2011

Last week, we published a blog post regarding the ongoing spam campaign using the recent earthquake in Japan to infect users. This is a follow up blog describing the exploits used. According to our analysis, it seems that the malicious links from the spam emails lead to websites hosting the Incognito Exploit Kit. Here is an interesting picture from the servers hosting the exploit kit: You can see below another example from the spam campaign, this time pretending to be an email from Twitter: The ...

Securelist • Alexei Kadiev • 20 Dec 2010

On 25 October 2010, the Dutch police force’s Cybercrime Department announced the shutdown of 143 Bredolab botnet control servers. The next day at Armenia’s Yerevan international airport, one of those formerly responsible for running the botnet was arrested. While it is certainly possible that this marked the end of Bredolab, the technologies behind it remain and can, unfortunately, still be used to create new botnets. Malicious programs from the Backdoor.Win32.Bredolab family were first dete...

Securelist • Eugene Aseev • 08 Mar 2010

The first Top Twenty lists malicious programs, adware and potentially unwanted programs that were detected and neutralized when accessed for the first time, i.e. by the on-access scanner. There was no change to the top 5 malicious programs this month and judging by the number of infections, the Kido epidemic has eased off slightly. Exploit.JS.Aurora.a, which, as its name suggests, is a program designed to take advantage of vulnerabilities in a variety of software products. This exploit was widel...

Securelist • Eugene Aseev • 05 Nov 2009

Kaspersky Lab presents its monthly malware statistics for October. From this month onwards, the data used is gathered from all products which use the Kaspersky Security Network (KSN), i.e. products from both the 2009 and 2010 lines. As a result, the Top Twenties have changed somewhat, and the figures in both ratings this month are significantly higher, due to an increased numbers of users participating in KSN. The first Top Twenty lists malicious programs, adware and potentially unwanted program...

CVE-2009-0927

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Github Repositories

Recent Articles

References

Vulmon Search

About

Products

Connect