CVE-2009-3955
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:45:50.670Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "38138", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38138" }, { "name": "oval:org.mitre.oval:def:8255", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8255" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html" }, { "name": "RHSA-2010:0060", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html" }, { "name": "20100113 Adobe Reader and Acrobat JpxDecode Memory Corruption Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=836" }, { "name": "acrobat-reader-jpxdecode-code-exec(55553)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55553" }, { "name": "ADV-2010-0103", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0103" }, { "name": "1023446", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023446" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293" }, { "name": "38215", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38215" }, { "name": "37757", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37757" }, { "name": "SUSE-SA:2010:008", "tags": 
[ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html" }, { "name": "TA10-013A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-01-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "38138", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38138" }, { "name": "oval:org.mitre.oval:def:8255", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8255" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html" }, { "name": "RHSA-2010:0060", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html" }, { "name": "20100113 Adobe Reader and Acrobat JpxDecode Memory Corruption Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=836" }, { "name": 
"acrobat-reader-jpxdecode-code-exec(55553)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55553" }, { "name": "ADV-2010-0103", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0103" }, { "name": "1023446", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023446" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293" }, { "name": "38215", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38215" }, { "name": "37757", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37757" }, { "name": "SUSE-SA:2010:008", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html" }, { "name": "TA10-013A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2009-3955", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "38138", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38138" }, { "name": "oval:org.mitre.oval:def:8255", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8255" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb10-02.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html" }, { "name": "RHSA-2010:0060", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html" }, { "name": "20100113 Adobe Reader and Acrobat JpxDecode Memory Corruption Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=836" }, { "name": "acrobat-reader-jpxdecode-code-exec(55553)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55553" }, { "name": "ADV-2010-0103", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0103" }, { "name": "1023446", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1023446" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=554293", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293" }, { "name": "38215", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38215" }, { "name": "37757", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37757" }, { "name": "SUSE-SA:2010:008", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html" }, { "name": "TA10-013A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2009-3955", "datePublished": 
"2010-01-13T19:00:00", "dateReserved": "2009-11-16T00:00:00", "dateUpdated": "2024-08-07T06:45:50.670Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2009-3955\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2010-01-13T19:30:00.483\",\"lastModified\":\"2018-10-30T16:25:16.967\",\"vulnStatus\":\"Modified\",\"evaluatorComment\":\"Per: http://www.adobe.com/support/security/bulletins/apsb10-02.html\\r\\n\\r\\na memory corruption vulnerability that could lead to code execution (CVE-2009-3955).\",\"evaluatorImpact\":\"Per: http://www.adobe.com/support/security/bulletins/apsb10-02.html\\r\\n\\r\\nAffected software versions\\r\\n\\r\\nAdobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX\\r\\nAdobe Acrobat 9.2 and earlier versions for Windows and Macintosh\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.\"},{\"lang\":\"es\",\"value\":\"Adobe Reader y Acrobat versi\u00f3n 9.x anterior a 9.3 y versi\u00f3n 8.x anterior a 8.2 en Windows y Mac OS X, permiten a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un marcador JPC_MS_RGN creado en la secuencia Jp2c de un flujo de datos codificado JpxDecode, lo que desencadena una extensi\u00f3n de signo entero que omite una comprobaci\u00f3n de saneamiento, lo que conduce a la corrupci\u00f3n de 
memoria.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":10.0},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.2\",\"matchCriteriaId\":\"C42D46A5-DB0B-48EF-8587-C2CEDAA14A4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"465F9134-DD86-4F13-8C39-949BE6E7389A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB041EDF-EFF8-4AA6-8D59-411975547534\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C05F6A5-0FB3-489B-9B8B-64C569C03D7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:4.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AABA4FE3-662B-4956-904D-45086E000890\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:4.0.5a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"998CD79C-458E-46A8-8261-1C40C53D9FA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:4.0.5c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0155FB0B-7FAD-4388-96C8-A8543B4FDFD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"201F059D-33D1-4D9F-9
C6F-FC8EB49E4735\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:5.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B025E795-5713-485E-8A15-EBE4451A1A46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:5.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B453FA1D-0FE9-4324-9644-E167561926C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:5.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDEA946E-B6D2-463B-89D0-F2F37278089E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"183B5940-2310-4D2E-99F0-9792A801A442\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F8BB13E-2732-4F9E-A588-EA1C00893C8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5FCDCBF-597B-439C-8D8B-2819FC70C567\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:6.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"440B890A-90E9-4456-B92A-856CD17F0C78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:6.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79BD9D8D-39DA-403E-915D-E1B6A46A6BAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:6.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8976A7DC-1314-4C4A-A7C5-AA789D2DAB9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:6.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37854E7C-2166-48D7-AE8C-44C9468C38C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FECFC942-4F04-420C-A9B4-AE0C0590317F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F81817F2-1E3A-4A52-88F1-6B614A2A1F0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFFFFF0D-A80F-4B67-BEE2-86868EF7AA37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:7.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DC97A8
7-2652-4AD6-8E10-419A9AC9C245\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:7.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E1F71AE-3591-499E-B09F-AAC4E38F1CF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:7.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D75174C-EBF9-4117-9E66-80E847012853\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:7.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69B0305A-51D3-4E09-B96C-54B0ED921DA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:7.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9762FE57-837B-4FFA-9813-AC038450EB2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:7.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0055A38C-E421-40A1-8BC7-11856A20B8F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:7.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"758CC9EE-8929-405B-A845-83BAAECCB2AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:7.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24A7CF98-27EC-406A-98E2-ACC1AAAF5C93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:7.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC1BD70D-7A92-4309-A40C-9BD500997390\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:7.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9C17896-8895-4731-B77A-F488A94F0CBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:7.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21AC1961-12F7-456F-9CE4-9AAF116CF141\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:7.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF9F1050-B6BE-4B99-882B-36D6E187304D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26AE76F7-D7F6-4AF2-A5C6-708B5642C288\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"749FFB51-65D4-4A4B-95F3-742440276897\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId
\":\"C8665E53-EC1E-4B95-9064-2565BC12113E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24218FDA-F9DA-465A-B5D5-76A55C7EE04E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2C5F1C5-85CD-47B9-897F-E51D6902AF72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0E190FF-3EBC-44AB-8072-4D964E843E8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A624D44-C135-4ED3-9BA4-F4F8A044850B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B95C0A99-42E4-40A9-BF61-507E4E4DC052\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B9F55CC-3681-4A67-99D1-3F40447392D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AA53564-9ACD-4CFB-9AAC-A77440026A57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7EC46E3-77B7-4455-B3E0-A45C6B69B3DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F475858-DCE2-4C93-A51A-04718DF17593\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88687272-4CD0-42A2-B727-C322ABDE3549\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E5C4FA4-3786-47AF-BD7D-8E75927EB3AA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FF5999A-9D12-4CDD-8DE9-A89C10B2D574\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]},{\"operator\":\"AND\",\"nodes\
":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.2\",\"matchCriteriaId\":\"E7BDB18D-A53C-4252-B2ED-42E6F3609277\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1C92642-7C8D-411A-8726-06A8A6483D65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:3.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CBE2E6C-AF0E-4A77-9EB0-3593889BC676\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:3.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B5C5C14-383C-4630-858E-D40D6C32FD4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F509566A-6D4A-40C0-8A16-F8765C5DCAAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:4.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"707D7124-6063-4510-80B4-AD9675996F67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:4.0.5a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"200FFAE3-CC1C-4A11-99AD-377D54A67195\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:4.0.5c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A990E86-07C0-49E2-92D6-55E499F30FAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AED985D-60D7-489E-9F1E-CE3C9D985B7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F0FCA2F-FD7F-4CE5-9D45-324A7EC45105\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:5.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF7EAA22-CED2-4379-9465-9562BACB1C20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:5.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35B1CA6B-600C-4E03-B4D5-3D7E1BC4D0F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:5.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7
AA1BA3-9FFA-46AB-A92A-7247D5F7EA06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:5.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F5F7424-1E19-4078-8908-CD86A0185042\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:5.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2402B40-6B72-48B5-A376-DA8D16CA43FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:5.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D968113-340A-4E5A-B4FD-D9702D49E3DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACF742B8-5F7A-487B-835C-756B1BB392F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0BB7C0C-B1D6-4733-BA91-022A1A7FB2E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B131DB8-4B6A-4AF2-8D5E-B5EA1AEBFB3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B9351C2-16ED-4766-B417-8DB3A8766C2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74667860-0047-40AD-9468-860591BA9D17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:6.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DEA092A-5532-4DCC-B43D-7A8ECF07FA4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:6.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9628AFF9-6EE1-4E85-858F-AE96EE64B7F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E2D0266-6954-4DBA-9EEE-8BF73B39DD61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24262AFA-2EC8-479E-8922-36DB4243E404\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E62096-08B2-4722-A492-11E9A441E85B\"},{\"
vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5370AC6-90EE-48EA-8DBD-54002B102F7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C36D10A8-D211-437D-98D8-9029D0A9CF8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA55D00C-3629-48E4-8699-F62B8D703E02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EE5E1B7-7B91-4AE1-92AA-4F1763E1BA1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"623324C2-C8B5-4C3C-9C10-9677D5A6740A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EAF5E3-F3B4-4AD3-B5F1-281AB0F9C57F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"634396D6-4ED6-4F4D-9458-396373489589\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A265869-EF58-428E-B8BB-30CABCBE0A83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADB421CD-85DE-4495-93B7-46708449AE27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32049561-270C-4B18-9E96-EA0F66ACECAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5491D310-E1C0-4FCB-9DCA-97CA1F95D4BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"996EB48E-D2A8-49E4-915A-EBDE26A9FB94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97E20936-EE31-4CEB-A710-3165A28BAD69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:
a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BD9952C-A1D0-4DFB-A292-9B86D7EAE5FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5BEA847-A71E-4336-AB67-B3C38847C1C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39F6994B-6969-485B-9286-2592B11A47BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC533775-B52E-43F0-BF19-1473BE36232D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18D1C85E-42CC-46F2-A7B6-DAC3C3995330\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4670451-511E-496C-A78A-887366E1E992\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"562772F1-1627-438E-A6B8-7D1AA5536086\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27D5AF92-A8E1-41BD-B20A-EB26BB6AD4DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F25C9167-C6D4-4264-9197-50878EDA2D96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD1D7308-09E9-42B2-8836-DC2326C62A9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5C251D2-4C9B-4029-8BED-0FCAED3B8E89\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FF5999A-9D12-4CDD-8DE9-A89C10B2D574\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}],\"references\":[{\"url\":\"http://labs.id
efense.com/intelligence/vulnerabilities/display.php?id=836\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://secunia.com/advisories/38138\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://secunia.com/advisories/38215\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb10-02.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0060.html\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.securityfocus.com/bid/37757\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.securitytracker.com/id?1023446\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-013A.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0103\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=554293\",\"source\":\"psirt@adobe.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/55553\",\"source\":\"psirt@adobe.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8255\",\"source\":\"psirt@adobe.com\"}]}}" } }
rhsa-2010_0060
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "The acroread packages as shipped in Red Hat Enterprise Linux 3 Extras\ncontain security flaws and should not be used.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nAdobe Reader 8.1.7 is vulnerable to critical security flaws and should no\nlonger be used. A specially-crafted PDF file could cause Adobe Reader to\ncrash or, potentially, execute arbitrary code as the user running Adobe\nReader when opened. (CVE-2009-4324, CVE-2009-3953, CVE-2009-3954,\nCVE-2009-3955, CVE-2009-3959, CVE-2009-3956)\n\nAdobe have discontinued support for Adobe Reader 8 for Linux. Adobe Reader\n9 for Linux is not compatible with Red Hat Enterprise Linux 3. An\nalternative PDF file viewer available in Red Hat Enterprise Linux 3 is\nxpdf.\n\nThis update removes the acroread packages due to their known security\nvulnerabilities.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2010:0060", "url": "https://access.redhat.com/errata/RHSA-2010:0060" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "http://www.adobe.com/support/security/bulletins/apsb10-02.html", "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html" }, { "category": "external", "summary": "547799", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=547799" }, { "category": "external", "summary": "554293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293" }, { "category": "external", "summary": "554296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554296" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0060.json" } ], "title": "Red Hat Security Advisory: acroread security update", "tracking": { "current_release_date": "2024-11-14T10:47:51+00:00", "generator": { "date": "2024-11-14T10:47:51+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2010:0060", "initial_release_date": "2010-01-20T14:38:00+00:00", "revision_history": [ { "date": "2010-01-20T14:38:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2010-01-20T09:38:14+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T10:47:51+00:00", "number": "3", "summary": "Last generated 
version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AS version 3 Extras", "product": { "name": "Red Hat Enterprise Linux AS version 3 Extras", "product_id": "3AS-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:3" } } }, { "category": "product_name", "name": "Red Hat Desktop version 3 Extras", "product": { "name": "Red Hat Desktop version 3 Extras", "product_id": "3Desktop-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:3" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ES version 3 Extras", "product": { "name": "Red Hat Enterprise Linux ES version 3 Extras", "product_id": "3ES-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:3" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux WS version 3 Extras", "product": { "name": "Red Hat Enterprise Linux WS version 3 Extras", "product_id": "3WS-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:3" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux Supplementary" }, { "branches": [ { "category": "product_version", "name": "acroread-uninstall-0:9.3-3.i386", "product": { "name": "acroread-uninstall-0:9.3-3.i386", "product_id": "acroread-uninstall-0:9.3-3.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/acroread-uninstall@9.3-3?arch=i386" } } } ], "category": "architecture", "name": "i386" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "acroread-uninstall-0:9.3-3.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras", "product_id": "3AS-LACD:acroread-uninstall-0:9.3-3.i386" }, "product_reference": "acroread-uninstall-0:9.3-3.i386", "relates_to_product_reference": "3AS-LACD" }, { "category": 
"default_component_of", "full_product_name": { "name": "acroread-uninstall-0:9.3-3.i386 as a component of Red Hat Desktop version 3 Extras", "product_id": "3Desktop-LACD:acroread-uninstall-0:9.3-3.i386" }, "product_reference": "acroread-uninstall-0:9.3-3.i386", "relates_to_product_reference": "3Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-uninstall-0:9.3-3.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras", "product_id": "3ES-LACD:acroread-uninstall-0:9.3-3.i386" }, "product_reference": "acroread-uninstall-0:9.3-3.i386", "relates_to_product_reference": "3ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-uninstall-0:9.3-3.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras", "product_id": "3WS-LACD:acroread-uninstall-0:9.3-3.i386" }, "product_reference": "acroread-uninstall-0:9.3-3.i386", "relates_to_product_reference": "3WS-LACD" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-3953", "discovery_date": "2010-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "554293" } ], "notes": [ { "category": "description", "text": "The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration \"array boundary issue,\" a different vulnerability than CVE-2009-2994.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: multiple code execution flaws (APSB10-02)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": 
[ "3AS-LACD:acroread-uninstall-0:9.3-3.i386", "3Desktop-LACD:acroread-uninstall-0:9.3-3.i386", "3ES-LACD:acroread-uninstall-0:9.3-3.i386", "3WS-LACD:acroread-uninstall-0:9.3-3.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3953" }, { "category": "external", "summary": "RHBZ#554293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3953", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3953" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3953", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3953" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2010-01-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-01-20T14:38:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. 
Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "3AS-LACD:acroread-uninstall-0:9.3-3.i386", "3Desktop-LACD:acroread-uninstall-0:9.3-3.i386", "3ES-LACD:acroread-uninstall-0:9.3-3.i386", "3WS-LACD:acroread-uninstall-0:9.3-3.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0060" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "3AS-LACD:acroread-uninstall-0:9.3-3.i386", "3Desktop-LACD:acroread-uninstall-0:9.3-3.i386", "3ES-LACD:acroread-uninstall-0:9.3-3.i386", "3WS-LACD:acroread-uninstall-0:9.3-3.i386" ] } ], "threats": [ { "category": "exploit_status", "date": "2022-06-08T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Critical" } ], "title": "acroread: multiple code execution flaws (APSB10-02)" }, { "cve": "CVE-2009-3954", "discovery_date": "2010-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "554293" } ], "notes": [ { "category": "description", "text": "The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a \"DLL-loading vulnerability.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: multiple code execution flaws (APSB10-02)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the 
severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "3AS-LACD:acroread-uninstall-0:9.3-3.i386", "3Desktop-LACD:acroread-uninstall-0:9.3-3.i386", "3ES-LACD:acroread-uninstall-0:9.3-3.i386", "3WS-LACD:acroread-uninstall-0:9.3-3.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3954" }, { "category": "external", "summary": "RHBZ#554293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3954", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3954" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3954", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3954" } ], "release_date": "2010-01-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-01-20T14:38:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. 
Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "3AS-LACD:acroread-uninstall-0:9.3-3.i386", "3Desktop-LACD:acroread-uninstall-0:9.3-3.i386", "3ES-LACD:acroread-uninstall-0:9.3-3.i386", "3WS-LACD:acroread-uninstall-0:9.3-3.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0060" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "3AS-LACD:acroread-uninstall-0:9.3-3.i386", "3Desktop-LACD:acroread-uninstall-0:9.3-3.i386", "3ES-LACD:acroread-uninstall-0:9.3-3.i386", "3WS-LACD:acroread-uninstall-0:9.3-3.i386" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: multiple code execution flaws (APSB10-02)" }, { "cve": "CVE-2009-3955", "discovery_date": "2010-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "554293" } ], "notes": [ { "category": "description", "text": "Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: multiple code execution flaws (APSB10-02)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score 
applicability" } ], "product_status": { "fixed": [ "3AS-LACD:acroread-uninstall-0:9.3-3.i386", "3Desktop-LACD:acroread-uninstall-0:9.3-3.i386", "3ES-LACD:acroread-uninstall-0:9.3-3.i386", "3WS-LACD:acroread-uninstall-0:9.3-3.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3955" }, { "category": "external", "summary": "RHBZ#554293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3955", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3955" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3955", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3955" } ], "release_date": "2010-01-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-01-20T14:38:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. 
Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "3AS-LACD:acroread-uninstall-0:9.3-3.i386", "3Desktop-LACD:acroread-uninstall-0:9.3-3.i386", "3ES-LACD:acroread-uninstall-0:9.3-3.i386", "3WS-LACD:acroread-uninstall-0:9.3-3.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0060" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "3AS-LACD:acroread-uninstall-0:9.3-3.i386", "3Desktop-LACD:acroread-uninstall-0:9.3-3.i386", "3ES-LACD:acroread-uninstall-0:9.3-3.i386", "3WS-LACD:acroread-uninstall-0:9.3-3.i386" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: multiple code execution flaws (APSB10-02)" }, { "cve": "CVE-2009-3956", "discovery_date": "2010-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "554296" } ], "notes": [ { "category": "description", "text": "The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a \"script injection vulnerability,\" as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: script injection vulnerability (APSB10-02)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better 
understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "3AS-LACD:acroread-uninstall-0:9.3-3.i386", "3Desktop-LACD:acroread-uninstall-0:9.3-3.i386", "3ES-LACD:acroread-uninstall-0:9.3-3.i386", "3WS-LACD:acroread-uninstall-0:9.3-3.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3956" }, { "category": "external", "summary": "RHBZ#554296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554296" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3956", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3956" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3956", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3956" } ], "release_date": "2010-01-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-01-20T14:38:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. 
Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "3AS-LACD:acroread-uninstall-0:9.3-3.i386", "3Desktop-LACD:acroread-uninstall-0:9.3-3.i386", "3ES-LACD:acroread-uninstall-0:9.3-3.i386", "3WS-LACD:acroread-uninstall-0:9.3-3.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0060" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "3AS-LACD:acroread-uninstall-0:9.3-3.i386", "3Desktop-LACD:acroread-uninstall-0:9.3-3.i386", "3ES-LACD:acroread-uninstall-0:9.3-3.i386", "3WS-LACD:acroread-uninstall-0:9.3-3.i386" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "acroread: script injection vulnerability (APSB10-02)" }, { "cve": "CVE-2009-3959", "discovery_date": "2010-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "554293" } ], "notes": [ { "category": "description", "text": "Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: multiple code execution flaws (APSB10-02)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "3AS-LACD:acroread-uninstall-0:9.3-3.i386", 
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386", "3ES-LACD:acroread-uninstall-0:9.3-3.i386", "3WS-LACD:acroread-uninstall-0:9.3-3.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3959" }, { "category": "external", "summary": "RHBZ#554293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3959", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3959" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3959", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3959" } ], "release_date": "2010-01-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-01-20T14:38:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "3AS-LACD:acroread-uninstall-0:9.3-3.i386", "3Desktop-LACD:acroread-uninstall-0:9.3-3.i386", "3ES-LACD:acroread-uninstall-0:9.3-3.i386", "3WS-LACD:acroread-uninstall-0:9.3-3.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0060" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "3AS-LACD:acroread-uninstall-0:9.3-3.i386", "3Desktop-LACD:acroread-uninstall-0:9.3-3.i386", "3ES-LACD:acroread-uninstall-0:9.3-3.i386", "3WS-LACD:acroread-uninstall-0:9.3-3.i386" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: 
multiple code execution flaws (APSB10-02)" }, { "cve": "CVE-2009-4324", "discovery_date": "2009-12-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "547799" } ], "notes": [ { "category": "description", "text": "Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: media.newplayer JavaScript API code execution vulnerability (APSB10-02)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "3AS-LACD:acroread-uninstall-0:9.3-3.i386", "3Desktop-LACD:acroread-uninstall-0:9.3-3.i386", "3ES-LACD:acroread-uninstall-0:9.3-3.i386", "3WS-LACD:acroread-uninstall-0:9.3-3.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-4324" }, { "category": "external", "summary": "RHBZ#547799", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=547799" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-4324", "url": "https://www.cve.org/CVERecord?id=CVE-2009-4324" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4324", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4324" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": 
"2009-12-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-01-20T14:38:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "3AS-LACD:acroread-uninstall-0:9.3-3.i386", "3Desktop-LACD:acroread-uninstall-0:9.3-3.i386", "3ES-LACD:acroread-uninstall-0:9.3-3.i386", "3WS-LACD:acroread-uninstall-0:9.3-3.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0060" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "3AS-LACD:acroread-uninstall-0:9.3-3.i386", "3Desktop-LACD:acroread-uninstall-0:9.3-3.i386", "3ES-LACD:acroread-uninstall-0:9.3-3.i386", "3WS-LACD:acroread-uninstall-0:9.3-3.i386" ] } ], "threats": [ { "category": "exploit_status", "date": "2022-06-08T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Critical" } ], "title": "acroread: media.newplayer JavaScript API code execution vulnerability (APSB10-02)" } ] }
rhsa-2010_0037
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated acroread packages that fix multiple security issues and three bugs\nare now available for Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nThis update fixes several vulnerabilities in Adobe Reader. These\nvulnerabilities are summarized on the Adobe Security Advisory APSB10-02\npage listed in the References section. A specially-crafted PDF file could\ncause Adobe Reader to crash or, potentially, execute arbitrary code as the\nuser running Adobe Reader when opened. (CVE-2009-4324, CVE-2009-3953,\nCVE-2009-3954, CVE-2009-3955, CVE-2009-3959, CVE-2009-3956)\n\nThis update also fixes the following bugs:\n\n* the acroread process continued to run even after closing a PDF file. If\nmultiple PDF files were opened and then closed, the acroread processes\ncontinued to run and consume system resources (up to 100% CPU usage). With\nthis update, the acroread process correctly exits, which resolves this\nissue. (BZ#473217)\n\n* the PPKLite.api plug-in was missing, causing Adobe Reader to crash when\nattempting to open signed PDF files. For such files, if an immediate crash\nwas not observed, clicking on the Signature Panel could trigger one. With\nthis update, the PPKLite.api plug-in is included, which resolves this\nissue. (BZ#472975)\n\n* Adobe Reader has been upgraded to version 9.3. 
(BZ#497957)\n\nAdobe have discontinued support for Adobe Reader 8 for Linux. All users of\nAdobe Reader are advised to install these updated packages, which contain\nAdobe Reader version 9.3, which is not vulnerable to these issues and fixes\nthese bugs. All running instances of Adobe Reader must be restarted for the\nupdate to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2010:0037", "url": "https://access.redhat.com/errata/RHSA-2010:0037" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "http://www.adobe.com/support/security/bulletins/apsb10-02.html", "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html" }, { "category": "external", "summary": "472975", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=472975" }, { "category": "external", "summary": "473217", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=473217" }, { "category": "external", "summary": "547799", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=547799" }, { "category": "external", "summary": "554293", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=554293" }, { "category": "external", "summary": "554296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554296" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0037.json" } ], "title": "Red Hat Security Advisory: acroread security and bug fix update", "tracking": { "current_release_date": "2024-11-14T10:47:38+00:00", "generator": { "date": "2024-11-14T10:47:38+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2010:0037", "initial_release_date": "2010-01-13T16:03:00+00:00", "revision_history": [ { "date": "2010-01-13T16:03:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2010-01-13T11:03:38+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T10:47:38+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product": { "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:5::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)", "product": { "name": "Red Hat Enterprise Linux Server Supplementary (v. 
5)", "product_id": "5Server-Supplementary", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:5::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux Supplementary" }, { "branches": [ { "category": "product_version", "name": "acroread-plugin-0:9.3-1.el5.i386", "product": { "name": "acroread-plugin-0:9.3-1.el5.i386", "product_id": "acroread-plugin-0:9.3-1.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/acroread-plugin@9.3-1.el5?arch=i386" } } }, { "category": "product_version", "name": "acroread-0:9.3-1.el5.i386", "product": { "name": "acroread-0:9.3-1.el5.i386", "product_id": "acroread-0:9.3-1.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/acroread@9.3-1.el5?arch=i386" } } } ], "category": "architecture", "name": "i386" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "acroread-0:9.3-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:acroread-0:9.3-1.el5.i386" }, "product_reference": "acroread-0:9.3-1.el5.i386", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:9.3-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386" }, "product_reference": "acroread-plugin-0:9.3-1.el5.i386", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-0:9.3-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 
5)", "product_id": "5Server-Supplementary:acroread-0:9.3-1.el5.i386" }, "product_reference": "acroread-0:9.3-1.el5.i386", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:9.3-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386" }, "product_reference": "acroread-plugin-0:9.3-1.el5.i386", "relates_to_product_reference": "5Server-Supplementary" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-3953", "discovery_date": "2010-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "554293" } ], "notes": [ { "category": "description", "text": "The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration \"array boundary issue,\" a different vulnerability than CVE-2009-2994.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: multiple code execution flaws (APSB10-02)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Supplementary:acroread-0:9.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3953" }, { "category": "external", "summary": "RHBZ#554293", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=554293" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3953", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3953" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3953", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3953" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2010-01-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-01-13T16:03:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client-Supplementary:acroread-0:9.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0037" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Supplementary:acroread-0:9.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386" ] } ], "threats": [ { "category": "exploit_status", "date": "2022-06-08T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { 
"category": "impact", "details": "Critical" } ], "title": "acroread: multiple code execution flaws (APSB10-02)" }, { "cve": "CVE-2009-3954", "discovery_date": "2010-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "554293" } ], "notes": [ { "category": "description", "text": "The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a \"DLL-loading vulnerability.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: multiple code execution flaws (APSB10-02)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Supplementary:acroread-0:9.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3954" }, { "category": "external", "summary": "RHBZ#554293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3954", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3954" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3954", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3954" } ], "release_date": "2010-01-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-01-13T16:03:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant 
to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client-Supplementary:acroread-0:9.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0037" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Supplementary:acroread-0:9.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: multiple code execution flaws (APSB10-02)" }, { "cve": "CVE-2009-3955", "discovery_date": "2010-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "554293" } ], "notes": [ { "category": "description", "text": "Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: multiple code execution flaws (APSB10-02)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the 
associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Supplementary:acroread-0:9.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3955" }, { "category": "external", "summary": "RHBZ#554293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3955", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3955" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3955", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3955" } ], "release_date": "2010-01-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-01-13T16:03:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. 
Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client-Supplementary:acroread-0:9.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0037" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Supplementary:acroread-0:9.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: multiple code execution flaws (APSB10-02)" }, { "cve": "CVE-2009-3956", "discovery_date": "2010-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "554296" } ], "notes": [ { "category": "description", "text": "The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a \"script injection vulnerability,\" as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: script injection vulnerability (APSB10-02)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated 
product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Supplementary:acroread-0:9.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3956" }, { "category": "external", "summary": "RHBZ#554296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554296" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3956", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3956" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3956", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3956" } ], "release_date": "2010-01-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-01-13T16:03:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. 
Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client-Supplementary:acroread-0:9.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0037" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Client-Supplementary:acroread-0:9.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "acroread: script injection vulnerability (APSB10-02)" }, { "cve": "CVE-2009-3959", "discovery_date": "2010-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "554293" } ], "notes": [ { "category": "description", "text": "Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: multiple code execution flaws (APSB10-02)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { 
"fixed": [ "5Client-Supplementary:acroread-0:9.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3959" }, { "category": "external", "summary": "RHBZ#554293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3959", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3959" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3959", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3959" } ], "release_date": "2010-01-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-01-13T16:03:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. 
Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client-Supplementary:acroread-0:9.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0037" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Supplementary:acroread-0:9.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: multiple code execution flaws (APSB10-02)" }, { "cve": "CVE-2009-4324", "discovery_date": "2009-12-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "547799" } ], "notes": [ { "category": "description", "text": "Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: media.newplayer JavaScript API code execution vulnerability (APSB10-02)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for 
informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Supplementary:acroread-0:9.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-4324" }, { "category": "external", "summary": "RHBZ#547799", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=547799" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-4324", "url": "https://www.cve.org/CVERecord?id=CVE-2009-4324" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4324", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4324" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2009-12-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-01-13T16:03:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. 
Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client-Supplementary:acroread-0:9.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0037" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Supplementary:acroread-0:9.3-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-0:9.3-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386" ] } ], "threats": [ { "category": "exploit_status", "date": "2022-06-08T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Critical" } ], "title": "acroread: media.newplayer JavaScript API code execution vulnerability (APSB10-02)" } ] }
rhsa-2010_0038
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated acroread packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 Extras.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nThis update fixes several vulnerabilities in Adobe Reader. These\nvulnerabilities are summarized on the Adobe Security Advisory APSB10-02\npage listed in the References section. A specially-crafted PDF file could\ncause Adobe Reader to crash or, potentially, execute arbitrary code as the\nuser running Adobe Reader when opened. (CVE-2009-4324, CVE-2009-3953,\nCVE-2009-3954, CVE-2009-3955, CVE-2009-3959, CVE-2009-3956)\n\nAdobe have discontinued support for Adobe Reader 8 for Linux. All users of\nAdobe Reader are advised to install these updated packages, which contain\nAdobe Reader version 9.3, which is not vulnerable to these issues. All\nrunning instances of Adobe Reader must be restarted for the update to take\neffect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2010:0038", "url": "https://access.redhat.com/errata/RHSA-2010:0038" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "http://www.adobe.com/support/security/bulletins/apsb10-02.html", "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html" }, { "category": "external", "summary": "547799", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=547799" }, { "category": "external", "summary": "554293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293" }, { "category": "external", "summary": "554296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554296" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0038.json" } ], "title": "Red Hat Security Advisory: acroread security update", "tracking": { "current_release_date": "2024-11-14T10:47:42+00:00", "generator": { "date": "2024-11-14T10:47:42+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2010:0038", "initial_release_date": "2010-01-13T16:08:00+00:00", "revision_history": [ { "date": "2010-01-13T16:08:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2010-01-13T11:08:18+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T10:47:42+00:00", "number": "3", "summary": "Last generated 
version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AS version 4 Extras", "product": { "name": "Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } }, { "category": "product_name", "name": "Red Hat Desktop version 4 Extras", "product": { "name": "Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ES version 4 Extras", "product": { "name": "Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux WS version 4 Extras", "product": { "name": "Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux Supplementary" }, { "branches": [ { "category": "product_version", "name": "acroread-plugin-0:9.3-1.el4.i386", "product": { "name": "acroread-plugin-0:9.3-1.el4.i386", "product_id": "acroread-plugin-0:9.3-1.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/acroread-plugin@9.3-1.el4?arch=i386" } } }, { "category": "product_version", "name": "acroread-0:9.3-1.el4.i386", "product": { "name": "acroread-0:9.3-1.el4.i386", "product_id": "acroread-0:9.3-1.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/acroread@9.3-1.el4?arch=i386" } } } ], "category": "architecture", "name": "i386" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "acroread-0:9.3-1.el4.i386 as a 
component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:acroread-0:9.3-1.el4.i386" }, "product_reference": "acroread-0:9.3-1.el4.i386", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:9.3-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:acroread-plugin-0:9.3-1.el4.i386" }, "product_reference": "acroread-plugin-0:9.3-1.el4.i386", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-0:9.3-1.el4.i386 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:acroread-0:9.3-1.el4.i386" }, "product_reference": "acroread-0:9.3-1.el4.i386", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:9.3-1.el4.i386 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386" }, "product_reference": "acroread-plugin-0:9.3-1.el4.i386", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-0:9.3-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:acroread-0:9.3-1.el4.i386" }, "product_reference": "acroread-0:9.3-1.el4.i386", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:9.3-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:acroread-plugin-0:9.3-1.el4.i386" }, "product_reference": "acroread-plugin-0:9.3-1.el4.i386", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-0:9.3-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": 
"4WS-LACD:acroread-0:9.3-1.el4.i386" }, "product_reference": "acroread-0:9.3-1.el4.i386", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:9.3-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:acroread-plugin-0:9.3-1.el4.i386" }, "product_reference": "acroread-plugin-0:9.3-1.el4.i386", "relates_to_product_reference": "4WS-LACD" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-3953", "discovery_date": "2010-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "554293" } ], "notes": [ { "category": "description", "text": "The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration \"array boundary issue,\" a different vulnerability than CVE-2009-2994.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: multiple code execution flaws (APSB10-02)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:acroread-0:9.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386", "4ES-LACD:acroread-0:9.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.3-1.el4.i386", "4WS-LACD:acroread-0:9.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.3-1.el4.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3953" }, { "category": 
"external", "summary": "RHBZ#554293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3953", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3953" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3953", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3953" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2010-01-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-01-13T16:08:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:acroread-0:9.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386", "4ES-LACD:acroread-0:9.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.3-1.el4.i386", "4WS-LACD:acroread-0:9.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.3-1.el4.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0038" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:acroread-0:9.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386", "4ES-LACD:acroread-0:9.3-1.el4.i386", 
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386", "4WS-LACD:acroread-0:9.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.3-1.el4.i386" ] } ], "threats": [ { "category": "exploit_status", "date": "2022-06-08T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Critical" } ], "title": "acroread: multiple code execution flaws (APSB10-02)" }, { "cve": "CVE-2009-3954", "discovery_date": "2010-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "554293" } ], "notes": [ { "category": "description", "text": "The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a \"DLL-loading vulnerability.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: multiple code execution flaws (APSB10-02)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:acroread-0:9.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386", "4ES-LACD:acroread-0:9.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.3-1.el4.i386", "4WS-LACD:acroread-0:9.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.3-1.el4.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3954" }, { "category": "external", "summary": "RHBZ#554293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3954", "url": 
"https://www.cve.org/CVERecord?id=CVE-2009-3954" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3954", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3954" } ], "release_date": "2010-01-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-01-13T16:08:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:acroread-0:9.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386", "4ES-LACD:acroread-0:9.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.3-1.el4.i386", "4WS-LACD:acroread-0:9.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.3-1.el4.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0038" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:acroread-0:9.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386", "4ES-LACD:acroread-0:9.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.3-1.el4.i386", "4WS-LACD:acroread-0:9.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.3-1.el4.i386" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: multiple code execution flaws (APSB10-02)" }, { "cve": "CVE-2009-3955", "discovery_date": "2010-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat 
Bugzilla ID", "text": "554293" } ], "notes": [ { "category": "description", "text": "Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: multiple code execution flaws (APSB10-02)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:acroread-0:9.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386", "4ES-LACD:acroread-0:9.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.3-1.el4.i386", "4WS-LACD:acroread-0:9.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.3-1.el4.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3955" }, { "category": "external", "summary": "RHBZ#554293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3955", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3955" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3955", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3955" } ], "release_date": "2010-01-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-01-13T16:08:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to 
your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:acroread-0:9.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386", "4ES-LACD:acroread-0:9.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.3-1.el4.i386", "4WS-LACD:acroread-0:9.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.3-1.el4.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0038" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:acroread-0:9.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386", "4ES-LACD:acroread-0:9.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.3-1.el4.i386", "4WS-LACD:acroread-0:9.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.3-1.el4.i386" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: multiple code execution flaws (APSB10-02)" }, { "cve": "CVE-2009-3956", "discovery_date": "2010-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "554296" } ], "notes": [ { "category": "description", "text": "The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a \"script injection vulnerability,\" as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site 
scripting (XSS) by user-assisted remote attackers.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: script injection vulnerability (APSB10-02)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:acroread-0:9.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386", "4ES-LACD:acroread-0:9.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.3-1.el4.i386", "4WS-LACD:acroread-0:9.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.3-1.el4.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3956" }, { "category": "external", "summary": "RHBZ#554296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554296" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3956", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3956" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3956", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3956" } ], "release_date": "2010-01-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-01-13T16:08:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. 
Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:acroread-0:9.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386", "4ES-LACD:acroread-0:9.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.3-1.el4.i386", "4WS-LACD:acroread-0:9.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.3-1.el4.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0038" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "4AS-LACD:acroread-0:9.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386", "4ES-LACD:acroread-0:9.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.3-1.el4.i386", "4WS-LACD:acroread-0:9.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.3-1.el4.i386" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "acroread: script injection vulnerability (APSB10-02)" }, { "cve": "CVE-2009-3959", "discovery_date": "2010-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "554293" } ], "notes": [ { "category": "description", "text": "Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: multiple code execution flaws (APSB10-02)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) 
listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:acroread-0:9.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386", "4ES-LACD:acroread-0:9.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.3-1.el4.i386", "4WS-LACD:acroread-0:9.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.3-1.el4.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3959" }, { "category": "external", "summary": "RHBZ#554293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3959", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3959" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3959", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3959" } ], "release_date": "2010-01-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-01-13T16:08:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. 
Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:acroread-0:9.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386", "4ES-LACD:acroread-0:9.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.3-1.el4.i386", "4WS-LACD:acroread-0:9.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.3-1.el4.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0038" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:acroread-0:9.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386", "4ES-LACD:acroread-0:9.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.3-1.el4.i386", "4WS-LACD:acroread-0:9.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.3-1.el4.i386" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: multiple code execution flaws (APSB10-02)" }, { "cve": "CVE-2009-4324", "discovery_date": "2009-12-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "547799" } ], "notes": [ { "category": "description", "text": "Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: media.newplayer 
JavaScript API code execution vulnerability (APSB10-02)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:acroread-0:9.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386", "4ES-LACD:acroread-0:9.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.3-1.el4.i386", "4WS-LACD:acroread-0:9.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.3-1.el4.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-4324" }, { "category": "external", "summary": "RHBZ#547799", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=547799" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-4324", "url": "https://www.cve.org/CVERecord?id=CVE-2009-4324" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4324", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4324" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2009-12-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-01-13T16:08:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. 
Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:acroread-0:9.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386", "4ES-LACD:acroread-0:9.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.3-1.el4.i386", "4WS-LACD:acroread-0:9.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.3-1.el4.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0038" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:acroread-0:9.3-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-0:9.3-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386", "4ES-LACD:acroread-0:9.3-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.3-1.el4.i386", "4WS-LACD:acroread-0:9.3-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.3-1.el4.i386" ] } ], "threats": [ { "category": "exploit_status", "date": "2022-06-08T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Critical" } ], "title": "acroread: media.newplayer JavaScript API code execution vulnerability (APSB10-02)" } ] }
ghsa-wfg4-6mw6-5m2j
Vulnerability from github
Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.
{ "affected": [], "aliases": [ "CVE-2009-3955" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2010-01-13T19:30:00Z", "severity": "HIGH" }, "details": "Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.", "id": "GHSA-wfg4-6mw6-5m2j", "modified": "2022-05-02T03:50:12Z", "published": "2022-05-02T03:50:12Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3955" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293" }, { "type": "WEB", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55553" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8255" }, { "type": "WEB", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=836" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html" }, { "type": "WEB", "url": "http://secunia.com/advisories/38138" }, { "type": "WEB", "url": "http://secunia.com/advisories/38215" }, { "type": "WEB", "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html" }, { "type": "WEB", "url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/37757" }, { "type": "WEB", "url": "http://www.securitytracker.com/id?1023446" }, { "type": "WEB", "url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2010/0103" } ], "schema_version": "1.4.0", "severity": [] }
var-200912-0751
Vulnerability from variot
Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption. The Doc.media.newPlayer method in Adobe Acrobat and Reader contains a use-after-free vulnerability (a separate issue, tracked as CVE-2009-4324), which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Adobe Reader and Acrobat are prone to a memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code. Failed exploit attempts will likely cause denial-of-service conditions. This issue affects Reader and Acrobat 9.2 and prior versions. NOTE: This issue was previously covered in BID 37667 (Adobe Acrobat and Reader January 2010 Multiple Remote Vulnerabilities), but has been given its own record to better document it.
iDefense Security Advisory 01.12.10 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 12, 2010
I. BACKGROUND
For more information, please visit the following pages:
http://www.adobe.com/products/reader/ http://www.adobe.com/products/acrobat/
II. DESCRIPTION
The vulnerability occurs when processing the Jp2c stream of a JpxDecode encoded data stream within a PDF file. During the processing of a JPC_MS_RGN marker, an integer sign extension may cause a bounds check to be bypassed. This results in an exploitable memory corruption vulnerability.
III. ANALYSIS
The attacker will have to create a malicious PDF file and convince the victim to open it. This can be accomplished by embedding the PDF file into an IFrame inside of a Web page, which will result in automatic exploitation once the page is viewed. The file could also be e-mailed as an attachment or placed on a file share. In these cases, a user would have to manually open the file to trigger exploitation. If preview is enabled in Windows Explorer, Acrobat will try to generate a preview for PDF files when a folder containing PDF files is accessed, thus triggering the exploitation.
IV. DETECTION
iDefense has confirmed the existence of this vulnerability in the latest version of Adobe Reader at the time of testing, version 9.1.0. Previous versions may also be affected.
Adobe has stated that all 9.2 and below versions, as well as all 8.1.7 and below versions are vulnerable.
V. WORKAROUND
None of the following workarounds will prevent exploitation, but they can reduce potential attack vectors and make exploitation more difficult.
- Prevent PDF documents from being opened automatically by the Web browser
- Disable JavaScript
- Disable PDFShell extension by removing or renaming the Acrord32info.exe file
VI. VENDOR RESPONSE
Adobe has released a patch which addresses this issue. Information about downloadable vendor updates can be found by clicking on the URLs shown.
http://www.adobe.com/support/security/bulletins/apsb10-02.html
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2009-3955 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
08/06/2009 Initial Contact
08/06/2009 Initial Response
09/16/2009 Vendor requested POC. iDefense sent POC.
09/17/2009 Vendor response.
01/12/2010 Coordinated public disclosure.
IX. CREDIT
This vulnerability was reported to iDefense by Code Audit Labs http://www.vulnhunt.com.
Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events http://labs.idefense.com/
X. LEGAL NOTICES
Copyright © 2010 iDefense, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. ----------------------------------------------------------------------
TITLE: Adobe Reader/Acrobat Code Execution Vulnerability
SECUNIA ADVISORY ID: SA37690
VERIFY ADVISORY: http://secunia.com/advisories/37690/
DESCRIPTION: A vulnerability has been reported in Adobe Reader and Acrobat, which can be exploited by malicious people to compromise a user's system.
NOTE: This vulnerability is currently being actively exploited.
SOLUTION: Do not open untrusted PDF files.
Do not visit untrusted websites or follow untrusted links.
PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day.
ORIGINAL ADVISORY: http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches; only use those supplied by the vendor.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200912-0751", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "acrobat reader", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "4.0.5c" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "4.0.5a" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.6, "vendor": 
"adobe", "version": "5.0.10" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "4.0" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "3.0" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "5.0" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "3.02" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "4.0.5" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "4.5" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "3.01" }, { "model": "acrobat", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.1.1" }, { "model": "acrobat", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "7.0.9" }, { "model": "acrobat", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "6.0.1" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "5.0.5" }, { "model": "acrobat reader", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "9.2" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1.2" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.2" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1.3" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1.0" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.7" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.5" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.3" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, 
"vendor": "adobe", "version": "5.0.10" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.1.3" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1.0" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.6" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.7" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.2" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.1.2" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.6" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.1" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.4" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "3.1" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.6" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1.4" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.4" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "4.0" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "4.0.5c" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.1" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.1" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, 
"vendor": "adobe", "version": "5.0.7" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1.1" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "5.0" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.2" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.5" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.8" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.1" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "3.0" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.4" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "5.0.5" }, { "model": "acrobat", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "9.2" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.8" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "5.0.9" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.4" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "5.0.11" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1.2" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "5.0.6" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.5" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "5.0.6" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.5" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1.3" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": 
"adobe", "version": "8.1.3" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.2" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.5" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.1.3" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.7" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.3" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.6" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.7" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.2" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.1.2" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.1.1" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.3" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "5.1" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.4" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0.3" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.6" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "4.0.5" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": 
"adobe", "version": "8.1.4" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.0" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "4.0.5a" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.2" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.9" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.1" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0.1" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.1.1" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.5" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.1" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "adobe", "version": null }, { "model": "acrobat", "scope": "lt", "trust": 0.8, "vendor": "adobe", "version": "8.2" }, { "model": "acrobat", "scope": "lt", "trust": 0.8, "vendor": "adobe", "version": "9.3" }, { "model": "reader", "scope": "lt", "trust": 0.8, "vendor": "adobe", "version": "8.2" }, { "model": "reader", "scope": "lt", "trust": 0.8, "vendor": "adobe", "version": "9.3" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3 extras" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 extras" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.8.z extras" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 
(server)" }, { "model": "rhel supplementary eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.4.z (server)" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux enterprise sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.1" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.0" }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "hat enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "hat enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "red", 
"version": "5" }, { "model": "networks self-service speech server", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "0" }, { "model": "networks self-service peri application", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "0" }, { "model": "networks self-service mps", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "5000" }, { "model": "networks self-service mps", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "10000" }, { "model": "networks self-service media processing server", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "0" }, { "model": "networks callpilot 703t", "scope": null, "trust": 0.3, "vendor": "nortel", "version": null }, { "model": "networks callpilot 600r", "scope": null, "trust": 0.3, "vendor": "nortel", "version": null }, { "model": "networks callpilot 201i", "scope": null, "trust": 0.3, "vendor": "nortel", "version": null }, { "model": "networks callpilot 200i", "scope": null, "trust": 0.3, "vendor": "nortel", "version": null }, { "model": "networks callpilot 1005r", "scope": null, "trust": 0.3, "vendor": "nortel", "version": null }, { "model": "networks callpilot 1002rp", "scope": null, "trust": 0.3, "vendor": "nortel", "version": null }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.3" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.2" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.7" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.6" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.5" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.4" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.3" }, { "model": "reader", "scope": 
"eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.2" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "7.0.9" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "6.0.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.2" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.0" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.3" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.2" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.7" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.6" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.4" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.3" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.2" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.1" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.2" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1" }, { "model": "acrobat 
standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.0" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.3" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.2" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.7" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.6" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.4" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.3" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.2" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.1" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.2" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.0" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.2" }, { "model": "reader", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.3" }, { "model": "reader", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "8.2" }, { "model": "acrobat standard", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.3" }, { "model": "acrobat standard", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "8.2" }, { "model": "acrobat professional", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.3" 
}, { "model": "acrobat professional", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "8.2" }, { "model": "acrobat", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.3" } ], "sources": [ { "db": "CERT/CC", "id": "VU#508357" }, { "db": "BID", "id": "37757" }, { "db": "JVNDB", "id": "JVNDB-2010-001016" }, { "db": "CNNVD", "id": "CNNVD-201001-089" }, { "db": "NVD", "id": "CVE-2009-3955" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "9.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:adobe:acrobat:7.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:4.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:5.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:5.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:adobe:acrobat:7.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:4.0.5c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:4.0.5a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:5.0.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "9.2", "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:4.0.5c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:4.0.5a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:4.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:3.01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": 
true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:3.02:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-3955" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Code Audit Labs\u203bhttp://www.vulnhunt.com", "sources": [ { "db": "CNNVD", "id": "CNNVD-201001-089" } ], "trust": 0.6 }, "cve": "CVE-2009-3955", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 10.0, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2009-3955", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-41401", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": 
"AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-3955", "trust": 1.8, "value": "HIGH" }, { "author": "CARNEGIE MELLON", "id": "VU#508357", "trust": 0.8, "value": "65.84" }, { "author": "CNNVD", "id": "CNNVD-201001-089", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-41401", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#508357" }, { "db": "VULHUB", "id": "VHN-41401" }, { "db": "JVNDB", "id": "JVNDB-2010-001016" }, { "db": "CNNVD", "id": "CNNVD-201001-089" }, { "db": "NVD", "id": "CVE-2009-3955" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption. The Doc.media.newPlayer method in Adobe Acrobat and Reader contains a use-after-free vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Adobe Reader and Acrobat are prone to a memory-corruption vulnerability. \nAn attacker can exploit this issue to execute arbitrary code. Failed exploit attempts will likely cause denial-of-service conditions. \nThis issue affects Reader and Acrobat 9.2 and prior versions. \nNOTE: This issue was previously covered in BID 37667 (Adobe Acrobat and Reader January 2010 Multiple Remote Vulnerabilities), but has been given its own record to better document it. iDefense Security Advisory 01.12.10\nhttp://labs.idefense.com/intelligence/vulnerabilities/\nJan 12, 2010\n\nI. 
For more information, please visit following pages:\n\nhttp://www.adobe.com/products/reader/\nhttp://www.adobe.com/products/acrobat/\n\nII. \n\nThe vulnerability occurs when processing the Jp2c stream of a JpxDecode\nencoded data stream within a PDF file. During the processing of a\nJPC_MS_RGN marker, an integer sign extension may cause a bounds check\nto be bypassed. This results in an exploitable memory corruption\nvulnerability. \n\nIII. The\nattacker will have to create a malicious PDF file and convince the\nvictim to open it. This can be accomplished by embedding the PDF file\ninto an IFrame inside of a Web page, which will result in automatic\nexploitation once the page is viewed. The file could also be e-mailed\nas an attachment or placed on a file share. In these cases, a user\nwould have to manually open the file to trigger exploitation. If\npreview is enabled in Windows Explorer, Acrobat will try to generate a\npreview for PDF files when a folder containing PDF files is accessed,\nthus triggering the exploitation. \n\nIV. DETECTION\n\niDefense has confirmed the existence of this vulnerability in latest\nversion of Adobe Reader, at the time of testing, version 9.1.0. \nPrevious versions may also be affected. \n\nAdobe has stated that all 9.2 and below versions, as well as all 8.1.7\nand below versions are vulnerable. \n\nV. WORKAROUND\n\nNone of the following workarounds will prevent exploitation, but they\ncan reduce potential attack vectors and make exploitation more\ndifficult. \n\nPrevent PDF documents from being opened automatically by the Web browser\nDisable JavaScript\nDisable PDFShell extension by removing or renaming the Acrord32info.exe file\n\nVI. VENDOR RESPONSE\n\nAdobe has released a patch which addresses this issue. Information about\ndownloadable vendor updates can be found by clicking on the URLs shown. \n\nhttp://www.adobe.com/support/security/bulletins/apsb10-02.html\n\nVII. 
CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CVE-2009-3955 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org/), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n08/06/2009 Initial Contact\n08/06/2009 Initial Response\n09/16/2009 Vendor requested POC. iDefense sent POC. \n09/17/2009 Vendor response. \n01/12/2010 Coordinated public disclosure. \n\nIX. CREDIT\n\nThis vulnerability was reported to iDefense by \tCode Audit Labs\nhttp://www.vulnhunt.com. \n\nGet paid for vulnerability research\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com/\n\nX. LEGAL NOTICES\n\nCopyright \u00a9 2010 iDefense, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDefense. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically,\nplease e-mail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \n There are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct,\nindirect, or consequential loss or damage arising from use of, or\nreliance on, this information. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. 
\n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Reader/Acrobat Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA37690\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/37690/\n\nDESCRIPTION:\nA vulnerability has been reported in Adobe Reader and Acrobat, which\ncan be exploited by malicious people to compromise a user\u0027s system. \n\nNOTE: This vulnerability is currently being actively exploited. \n\nSOLUTION:\nDo not open untrusted PDF files. \n\nDo not visit untrusted websites or follow untrusted links. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported as a 0-day. \n\nORIGINAL ADVISORY:\nhttp://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. 
\nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor", "sources": [ { "db": "NVD", "id": "CVE-2009-3955" }, { "db": "CERT/CC", "id": "VU#508357" }, { "db": "JVNDB", "id": "JVNDB-2010-001016" }, { "db": "BID", "id": "37757" }, { "db": "VULHUB", "id": "VHN-41401" }, { "db": "PACKETSTORM", "id": "85088" }, { "db": "PACKETSTORM", "id": "83870" } ], "trust": 2.88 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-41401", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-41401" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-3955", "trust": 2.9 }, { "db": "BID", "id": "37757", "trust": 2.8 }, { "db": "VUPEN", "id": "ADV-2010-0103", "trust": 2.5 }, { "db": "SECTRACK", "id": "1023446", "trust": 2.5 }, { "db": "USCERT", "id": "TA10-013A", "trust": 2.5 }, { "db": "XF", "id": "55553", "trust": 1.4 }, { "db": "SECUNIA", "id": "38215", "trust": 1.1 }, { "db": "SECUNIA", "id": "38138", "trust": 1.1 }, { "db": "SECUNIA", "id": "37690", "trust": 0.9 }, { "db": "OSVDB", "id": "60980", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#508357", "trust": 0.8 }, { "db": "USCERT", "id": "SA10-013A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2010-001016", "trust": 0.8 }, { "db": "IDEFENSE", "id": "20100113 ADOBE READER AND ACROBAT JPXDECODE MEMORY CORRUPTION VULNERABILITY", "trust": 0.6 }, { "db": "CERT/CC", "id": "TA10-013A", "trust": 0.6 }, { "db": "SUSE", "id": "SUSE-SA:2010:008", "trust": 0.6 }, { "db": "NSFOCUS", "id": "14341", 
"trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201001-089", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "85088", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-41401", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "83870", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#508357" }, { "db": "VULHUB", "id": "VHN-41401" }, { "db": "BID", "id": "37757" }, { "db": "JVNDB", "id": "JVNDB-2010-001016" }, { "db": "PACKETSTORM", "id": "85088" }, { "db": "PACKETSTORM", "id": "83870" }, { "db": "CNNVD", "id": "CNNVD-201001-089" }, { "db": "NVD", "id": "CVE-2009-3955" } ] }, "id": "VAR-200912-0751", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-41401" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T20:42:29.412000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB10-02", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html" }, { "title": "APSB10-02", "trust": 0.8, "url": "http://www.adobe.com/jp/support/security/bulletins/apsb10-02.html" }, { "title": "RHSA-2010:0037", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0037.html" }, { "title": "RHSA-2010:0038", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0038.html" }, { "title": "RHSA-2010:0060", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0060.html" }, { "title": "TA10-013A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta10-013a.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-001016" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-399", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-41401" }, { "db": "JVNDB", "id": "JVNDB-2010-001016" }, { "db": "NVD", "id": "CVE-2009-3955" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.securityfocus.com/bid/37757" }, { "trust": 2.5, "url": "http://www.us-cert.gov/cas/techalerts/ta10-013a.html" }, { "trust": 2.5, "url": "http://www.securitytracker.com/id?1023446" }, { "trust": 2.5, "url": "http://www.vupen.com/english/advisories/2010/0103" }, { "trust": 2.1, "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html" }, { "trust": 2.0, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=836" }, { "trust": 1.7, "url": "http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html" }, { "trust": 1.4, "url": "http://xforce.iss.net/xforce/xfdb/55553" }, { "trust": 1.1, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8255" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2010-0060.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/38138" }, { "trust": 1.1, "url": "http://secunia.com/advisories/38215" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55553" }, { "trust": 0.9, "url": "http://secunia.com/advisories/37690/" }, { "trust": 0.8, "url": "http://www.adobe.com/support/security/advisories/apsa09-07.html" }, { "trust": 0.8, "url": 
"http://kb2.adobe.com/cps/532/cpsid_53237.html" }, { "trust": 0.8, "url": "http://osvdb.org/show/osvdb/60980" }, { "trust": 0.8, "url": "http://www.symantec.com/connect/blogs/zero-day-xmas-present" }, { "trust": 0.8, "url": "http://voices.washingtonpost.com/securityfix/2009/12/hackers_target_unpatched_adobe.html" }, { "trust": 0.8, "url": "http://vrt-sourcefire.blogspot.com/2009/12/this-is-what-happens-when-you-try-to-do.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3955" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20100113-adobe.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2010/at100003.txt" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta10-013a/" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2010-03/" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3955" }, { "trust": 0.8, "url": "http://www.us-cert.gov/cas/alerts/sa10-013a.html" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/index.html#topics" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/14341" }, { "trust": 0.3, "url": "http://www.adobe.com" }, { "trust": 0.3, "url": "http://support.nortel.com/go/main.jsp?cscat=bltndetail\u0026id=991610" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3955" }, { "trust": 0.1, "url": "http://cve.mitre.org/)," }, { "trust": 0.1, "url": "http://www.adobe.com/products/reader/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/" }, { "trust": 0.1, "url": "http://www.vulnhunt.com." 
}, { "trust": 0.1, "url": "http://labs.idefense.com/methodology/vulnerability/vcp.php" }, { "trust": 0.1, "url": "http://labs.idefense.com/" }, { "trust": 0.1, "url": "http://www.adobe.com/products/acrobat/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" } ], "sources": [ { "db": "CERT/CC", "id": "VU#508357" }, { "db": "VULHUB", "id": "VHN-41401" }, { "db": "BID", "id": "37757" }, { "db": "JVNDB", "id": "JVNDB-2010-001016" }, { "db": "PACKETSTORM", "id": "85088" }, { "db": "PACKETSTORM", "id": "83870" }, { "db": "CNNVD", "id": "CNNVD-201001-089" }, { "db": "NVD", "id": "CVE-2009-3955" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#508357" }, { "db": "VULHUB", "id": "VHN-41401" }, { "db": "BID", "id": "37757" }, { "db": "JVNDB", "id": "JVNDB-2010-001016" }, { "db": "PACKETSTORM", "id": "85088" }, { "db": "PACKETSTORM", "id": "83870" }, { "db": "CNNVD", "id": "CNNVD-201001-089" }, { "db": "NVD", "id": "CVE-2009-3955" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-12-15T00:00:00", "db": "CERT/CC", "id": "VU#508357" }, { "date": "2010-01-13T00:00:00", "db": "VULHUB", "id": "VHN-41401" }, { "date": "2010-01-12T00:00:00", "db": "BID", "id": "37757" }, { "date": "2010-02-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-001016" }, { "date": "2010-01-14T02:57:07", "db": "PACKETSTORM", "id": "85088" }, { "date": "2009-12-15T13:39:57", "db": "PACKETSTORM", "id": "83870" }, { "date": "2010-01-13T00:00:00", "db": "CNNVD", "id": 
"CNNVD-201001-089" }, { "date": "2010-01-13T19:30:00.483000", "db": "NVD", "id": "CVE-2009-3955" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-06-18T00:00:00", "db": "CERT/CC", "id": "VU#508357" }, { "date": "2018-10-30T00:00:00", "db": "VULHUB", "id": "VHN-41401" }, { "date": "2015-03-19T09:27:00", "db": "BID", "id": "37757" }, { "date": "2010-02-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-001016" }, { "date": "2011-07-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201001-089" }, { "date": "2018-10-30T16:25:16.967000", "db": "NVD", "id": "CVE-2009-3955" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "85088" }, { "db": "CNNVD", "id": "CNNVD-201001-089" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Reader and Acrobat JpxDecode Memory Corruption Vulnerability", "sources": [ { "db": "BID", "id": "37757" }, { "db": "CNNVD", "id": "CNNVD-201001-089" } ], "trust": 0.9 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201001-089" } ], "trust": 0.6 } }
gsd-2009-3955
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2009-3955", "description": "Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.", "id": "GSD-2009-3955", "references": [ "https://www.suse.com/security/cve/CVE-2009-3955.html", "https://access.redhat.com/errata/RHSA-2010:0060", "https://access.redhat.com/errata/RHSA-2010:0038", "https://access.redhat.com/errata/RHSA-2010:0037" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2009-3955" ], "details": "Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.", "id": "GSD-2009-3955", "modified": "2023-12-13T01:19:49.940130Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2009-3955", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, 
leading to memory corruption." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "38138", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38138" }, { "name": "oval:org.mitre.oval:def:8255", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8255" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb10-02.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html" }, { "name": "RHSA-2010:0060", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html" }, { "name": "20100113 Adobe Reader and Acrobat JpxDecode Memory Corruption Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=836" }, { "name": "acrobat-reader-jpxdecode-code-exec(55553)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55553" }, { "name": "ADV-2010-0103", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0103" }, { "name": "1023446", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1023446" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=554293", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293" }, { "name": "38215", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38215" }, { "name": "37757", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37757" }, { "name": "SUSE-SA:2010:008", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html" }, { "name": "TA10-013A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { 
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "9.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:4.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:5.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:5.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:4.0.5c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:4.0.5a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:adobe:acrobat:7.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:5.0.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "9.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.1.3:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:4.0.5c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:4.0.5a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:4.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.1.0:*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:3.01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:adobe:acrobat_reader:5.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:3.02:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2009-3955" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-399" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.adobe.com/support/security/bulletins/apsb10-02.html", "refsource": "CONFIRM", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html" }, { "name": "ADV-2010-0103", "refsource": "VUPEN", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0103" }, { "name": "20100113 Adobe Reader and Acrobat JpxDecode Memory Corruption Vulnerability", "refsource": "IDEFENSE", "tags": [], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=836" }, { "name": "TA10-013A", "refsource": "CERT", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html" }, { "name": "1023446", "refsource": "SECTRACK", "tags": [], "url": "http://www.securitytracker.com/id?1023446" }, { "name": "37757", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/37757" }, { "name": "SUSE-SA:2010:008", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html" }, { "name": "38138", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/38138" }, { "name": "38215", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/38215" }, { "name": "RHSA-2010:0060", "refsource": "REDHAT", "tags": [], "url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=554293", "refsource": "CONFIRM", "tags": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293" }, { "name": "acrobat-reader-jpxdecode-code-exec(55553)", "refsource": "XF", "tags": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55553" }, { "name": "oval:org.mitre.oval:def:8255", "refsource": "OVAL", "tags": [], "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8255" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false } }, "lastModifiedDate": "2018-10-30T16:25Z", "publishedDate": "2010-01-13T19:30Z" } } }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.