CVE-2009-1492 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2009-1492
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2009-1492

Description: The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/50145 SUSE http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1 ST 1022139 SAID Secunia Advisory: SA35734 Secunia Advisory: SA35358 Secunia Advisory: SA35416 Secunia Advisory: SA35096 Secunia Advisory: SA35055 Secunia Advisory: SA35152 Secunia Advisory: SA34924 REDHAT http://www.redhat.com/support/errata/RHSA-2009-0478.html OSVDB 54130 MISC http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html http://packetstorm.linuxsecurity.com/0904-exploits/getannots.txt MILW0RM http://www.milw0rm.com/exploits/8569 GENTOO http://security.gentoo.org/glsa/glsa-200907-06.xml CONFIRM http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953 http://www.adobe.com/support/security/bulletins/apsb09-06.html CERT-VN 970180 CERT http://www.us-cert.gov/cas/techalerts/TA09-133B.html BID 34736

Return to the previous page.