CVE-2009-1493

Description

The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument.

Related CPE's

aadobereader9.1*******

aadobereader8.1.4*******

olinuxlinux********

References

34740

Exploit

34924

Vendor Advisory

http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html

Vendor Advisory

http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt

Exploit

ADV-2009-1189

Vendor Advisory

54129

1022139

VU#970180

US Government Resource

http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html

http://www.adobe.com/support/security/bulletins/apsb09-06.html

RHSA-2009:0478

259028

TA09-133B

US Government Resource

35096

SUSE-SA:2009:027

35055

ADV-2009-1317

35152

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953

35358

SUSE-SR:2009:011

35416

35734

GLSA-200907-06

reader-spellcustom-code-execution(50146)

8570

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:M/Au:N/C:P/I:P/A:P

AccessVector

NETWORK

AccessComplexity

MEDIUM

Authentication

NONE

ConfidentialityImpact

PARTIAL

IntegrityImpact

PARTIAL

AvailabilityImpact

PARTIAL

BaseScore

6.800000190734863

Created by Yello
About Severity.io