CVE-2009-1492

Published: 30/04/2009 Updated: 08/11/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and previous versions allows remote malicious users to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments.

Vulnerable Product

adobe acrobat

adobe acrobat reader

Vendor Advisories

Synopsis: Critical: acroread security update
Type/Severity: Security Advisory: Critical
Topic: Updated acroread packages that fix two security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated ...

Exploits

//##############
//Exploit made by Arr1val
//Proved in adobe 9.1 and adobe 8.1.4 on linux
//
//Steps:
//- create a pdf with an annotation (a note) (i used an annotation with a very long AAAAA name, but that might be omitted)
//- attach the following script to the OpenAction of the pdf
//##############
var memory;
function New_Script() {
//if(ado ...

Github Repositories

Challenge Malware Analysis From Cyberdefender

GetPDF_Cyberdefender: I wrote this repository to document how I analyzed a malware incident. The incident is a challenge created by "The Honeynet Project" on the CyberDefenders platform. The challenge is titled "GetPDF" and can be accessed at the following link: cyberdefendersorg/blueteam

References

CWE-399
http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
http://www.vupen.com/english/advisories/2009/1189
http://www.securityfocus.com/bid/34736
http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html
http://packetstorm.linuxsecurity.com/0904-exploits/getannots.txt
http://secunia.com/advisories/34924
http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html
http://osvdb.org/54130
http://www.kb.cert.org/vuls/id/970180
http://www.securitytracker.com/id?1022139
http://www.adobe.com/support/security/bulletins/apsb09-06.html
http://www.redhat.com/support/errata/RHSA-2009-0478.html
http://www.vupen.com/english/advisories/2009/1317
http://secunia.com/advisories/35055
http://www.us-cert.gov/cas/techalerts/TA09-133B.html
http://secunia.com/advisories/35096
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html
http://secunia.com/advisories/35152
http://secunia.com/advisories/35358
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
http://secunia.com/advisories/35416
http://secunia.com/advisories/35734
http://security.gentoo.org/glsa/glsa-200907-06.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/50145
https://www.exploit-db.com/exploits/8569
https://access.redhat.com/errata/RHSA-2009:0478
https://nvd.nist.gov
https://github.com/Abdibimantara/GetPDF_Cyberdefender
https://www.exploit-db.com/exploits/8569/
https://www.kb.cert.org/vuls/id/970180