cvelistv5 - cve-2009-0837

CVE-2009-0837 (GCVE-0-2009-0837)

Vulnerability from cvelistv5 – Published: 2009-03-10 20:00 – Updated: 2024-08-07 04:48

Summary

Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by the "Open/Execute a file" action.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/archive/1/501623/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/34036	third-party-advisoryx_refsource_SECUNIA
	http://www.foxitsoftware.com/pdf/reader/security.…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2009/0634	vdb-entryx_refsource_VUPEN
	http://www.securitytracker.com/id?1021824	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/34035	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.coresecurity.com/content/foxit-reader-…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:48:52.286Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20090309 Foxit Reader Multiple Vulnerabilities (CORE-2009-0218)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/501623/100/0/threaded"
          },
          {
            "name": "34036",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34036"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.foxitsoftware.com/pdf/reader/security.htm#Stackbased"
          },
          {
            "name": "ADV-2009-0634",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0634"
          },
          {
            "name": "1021824",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021824"
          },
          {
            "name": "34035",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34035"
          },
          {
            "name": "foxitreader-pdf-bo(49136)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49136"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.coresecurity.com/content/foxit-reader-vulnerabilities"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-03-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by the \"Open/Execute a file\" action."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20090309 Foxit Reader Multiple Vulnerabilities (CORE-2009-0218)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/501623/100/0/threaded"
        },
        {
          "name": "34036",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34036"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.foxitsoftware.com/pdf/reader/security.htm#Stackbased"
        },
        {
          "name": "ADV-2009-0634",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0634"
        },
        {
          "name": "1021824",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021824"
        },
        {
          "name": "34035",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34035"
        },
        {
          "name": "foxitreader-pdf-bo(49136)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49136"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.coresecurity.com/content/foxit-reader-vulnerabilities"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0837",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by the \"Open/Execute a file\" action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20090309 Foxit Reader Multiple Vulnerabilities (CORE-2009-0218)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/501623/100/0/threaded"
            },
            {
              "name": "34036",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34036"
            },
            {
              "name": "http://www.foxitsoftware.com/pdf/reader/security.htm#Stackbased",
              "refsource": "CONFIRM",
              "url": "http://www.foxitsoftware.com/pdf/reader/security.htm#Stackbased"
            },
            {
              "name": "ADV-2009-0634",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0634"
            },
            {
              "name": "1021824",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021824"
            },
            {
              "name": "34035",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34035"
            },
            {
              "name": "foxitreader-pdf-bo(49136)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49136"
            },
            {
              "name": "http://www.coresecurity.com/content/foxit-reader-vulnerabilities",
              "refsource": "MISC",
              "url": "http://www.coresecurity.com/content/foxit-reader-vulnerabilities"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0837",
    "datePublished": "2009-03-10T20:00:00",
    "dateReserved": "2009-03-06T00:00:00",
    "dateUpdated": "2024-08-07T04:48:52.286Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:foxit:reader3.0:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"57E780D1-D8BF-4141-9E33-EE4268BA8980\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by the \\\"Open/Execute a file\\\" action.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de b\\u00fafer basado en pila en Foxit Reader v3.0 anteriores a Build 1506, incluidas la 1120 y la 1301, permite a atacantes remotos ejecutar c\\u00f3digo arbitrario a trav\\u00e9s de (1)una ruta relativa larga o (2)una ruta absoluta larga en el argumento \\\"filename\\\" en una acci\\u00f3n, como se demostr\\u00f3 mediante la acci\\u00f3n \\\"Abrir/Ejecutar un fichero\\\".\"}]",
      "id": "CVE-2009-0837",
      "lastModified": "2024-11-21T01:01:01.393",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2009-03-10T20:30:06.593",
      "references": "[{\"url\": \"http://secunia.com/advisories/34036\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.coresecurity.com/content/foxit-reader-vulnerabilities\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.foxitsoftware.com/pdf/reader/security.htm#Stackbased\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/501623/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/34035\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1021824\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/0634\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/49136\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/34036\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.coresecurity.com/content/foxit-reader-vulnerabilities\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.foxitsoftware.com/pdf/reader/security.htm#Stackbased\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/501623/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/34035\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1021824\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/0634\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/49136\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-0837\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-03-10T20:30:06.593\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by the \\\"Open/Execute a file\\\" action.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer basado en pila en Foxit Reader v3.0 anteriores a Build 1506, incluidas la 1120 y la 1301, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de (1)una ruta relativa larga o (2)una ruta absoluta larga en el argumento \\\"filename\\\" en una acci\u00f3n, como se demostr\u00f3 mediante la acci\u00f3n \\\"Abrir/Ejecutar un fichero\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:foxit:reader3.0:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57E780D1-D8BF-4141-9E33-EE4268BA8980\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/34036\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.coresecurity.com/content/foxit-reader-vulnerabilities\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.foxitsoftware.com/pdf/reader/security.htm#Stackbased\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/501623/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/34035\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1021824\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0634\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/49136\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/34036\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.coresecurity.com/content/foxit-reader-vulnerabilities\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.foxitsoftware.com/pdf/reader/security.htm#Stackbased\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/501623/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/34035\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1021824\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0634\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/49136\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2009-0837

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-0837

Aliases

CVE-2009-0837

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-0837",
    "description": "Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by the \"Open/Execute a file\" action.",
    "id": "GSD-2009-0837"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-0837"
      ],
      "details": "Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by the \"Open/Execute a file\" action.",
      "id": "GSD-2009-0837",
      "modified": "2023-12-13T01:19:44.663374Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-0837",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by the \"Open/Execute a file\" action."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20090309 Foxit Reader Multiple Vulnerabilities (CORE-2009-0218)",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/501623/100/0/threaded"
          },
          {
            "name": "34036",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34036"
          },
          {
            "name": "http://www.foxitsoftware.com/pdf/reader/security.htm#Stackbased",
            "refsource": "CONFIRM",
            "url": "http://www.foxitsoftware.com/pdf/reader/security.htm#Stackbased"
          },
          {
            "name": "ADV-2009-0634",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/0634"
          },
          {
            "name": "1021824",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1021824"
          },
          {
            "name": "34035",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/34035"
          },
          {
            "name": "foxitreader-pdf-bo(49136)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49136"
          },
          {
            "name": "http://www.coresecurity.com/content/foxit-reader-vulnerabilities",
            "refsource": "MISC",
            "url": "http://www.coresecurity.com/content/foxit-reader-vulnerabilities"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:foxit:reader3.0:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0837"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by the \"Open/Execute a file\" action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.foxitsoftware.com/pdf/reader/security.htm#Stackbased",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.foxitsoftware.com/pdf/reader/security.htm#Stackbased"
            },
            {
              "name": "34035",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/34035"
            },
            {
              "name": "ADV-2009-0634",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0634"
            },
            {
              "name": "http://www.coresecurity.com/content/foxit-reader-vulnerabilities",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.coresecurity.com/content/foxit-reader-vulnerabilities"
            },
            {
              "name": "34036",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/34036"
            },
            {
              "name": "1021824",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1021824"
            },
            {
              "name": "foxitreader-pdf-bo(49136)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49136"
            },
            {
              "name": "20090309 Foxit Reader Multiple Vulnerabilities (CORE-2009-0218)",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/501623/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-10T19:31Z",
      "publishedDate": "2009-03-10T20:30Z"
    }
  }
}

GHSA-G9CC-XW8R-HJ44

Vulnerability from github – Published: 2022-05-02 03:18 – Updated: 2022-05-02 03:18

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-0837"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-03-10T20:30:00Z",
    "severity": "HIGH"
  },
  "details": "Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by the \"Open/Execute a file\" action.",
  "id": "GHSA-g9cc-xw8r-hj44",
  "modified": "2022-05-02T03:18:40Z",
  "published": "2022-05-02T03:18:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0837"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49136"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34036"
    },
    {
      "type": "WEB",
      "url": "http://www.coresecurity.com/content/foxit-reader-vulnerabilities"
    },
    {
      "type": "WEB",
      "url": "http://www.foxitsoftware.com/pdf/reader/security.htm#Stackbased"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/501623/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/34035"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1021824"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/0634"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2009-AVI-090

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités présentes dans Foxit Reader permettent à un utilisateur malveillant de contourner la politique de sécurité ou d'exécuter du code arbitraire à distance.

Description

Deux vulnérabilités de type débordement de mémoire permettent à une personne malintentionnée d'exécuter du code arbitraire à distance au moyen d'un fichier au format PDF spécialement construit. L'une des deux vulnérabilités a fait l'objet de l'alerte CERTA-2009-ALE-001.

Une troisième vulnérabilité permet de contourner la politique de sécurité afin d'exécuter une action définie dans le fichier au format PDF sans confirmation de l'utilisateur.

Solution

Se référer au bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Foxit	PDF Reader	Foxit Reader 3.x.
	Foxit	PDF Reader	Foxit Reader 2.x ;

References

Title

Publication Time

Tags

Bulletins de sécurité Foxit Software	None	vendor-advisory
Bulletins de sécurité Foxit Reader :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Foxit Reader 3.x.",
      "product": {
        "name": "PDF Reader",
        "vendor": {
          "name": "Foxit",
          "scada": false
        }
      }
    },
    {
      "description": "Foxit Reader 2.x ;",
      "product": {
        "name": "PDF Reader",
        "vendor": {
          "name": "Foxit",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s de type d\u00e9bordement de m\u00e9moire permettent \u00e0 une\npersonne malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance au\nmoyen d\u0027un fichier au format PDF sp\u00e9cialement construit. L\u0027une des deux\nvuln\u00e9rabilit\u00e9s a fait l\u0027objet de l\u0027alerte CERTA-2009-ALE-001.\n\nUne troisi\u00e8me vuln\u00e9rabilit\u00e9 permet de contourner la politique de\ns\u00e9curit\u00e9 afin d\u0027ex\u00e9cuter une action d\u00e9finie dans le fichier au format\nPDF sans confirmation de l\u0027utilisateur.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0191"
    },
    {
      "name": "CVE-2009-0837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0837"
    },
    {
      "name": "CVE-2009-0836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0836"
    }
  ],
  "links": [
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Foxit Reader :",
      "url": "http://www.foxitsoftware.com/pdf/reader/security.html"
    }
  ],
  "reference": "CERTA-2009-AVI-090",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-03-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans Foxit Reader permettent \u00e0 un\nutilisateur malveillant de contourner la politique de s\u00e9curit\u00e9 ou\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Foxit Reader",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Foxit Software",
      "url": null
    }
  ]
}

CERTA-2009-AVI-090

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités présentes dans Foxit Reader permettent à un utilisateur malveillant de contourner la politique de sécurité ou d'exécuter du code arbitraire à distance.

Description

Une troisième vulnérabilité permet de contourner la politique de sécurité afin d'exécuter une action définie dans le fichier au format PDF sans confirmation de l'utilisateur.

Solution

Se référer au bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Foxit	PDF Reader	Foxit Reader 3.x.
	Foxit	PDF Reader	Foxit Reader 2.x ;

References

Title

Publication Time

Tags

Bulletins de sécurité Foxit Software	None	vendor-advisory
Bulletins de sécurité Foxit Reader :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Foxit Reader 3.x.",
      "product": {
        "name": "PDF Reader",
        "vendor": {
          "name": "Foxit",
          "scada": false
        }
      }
    },
    {
      "description": "Foxit Reader 2.x ;",
      "product": {
        "name": "PDF Reader",
        "vendor": {
          "name": "Foxit",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s de type d\u00e9bordement de m\u00e9moire permettent \u00e0 une\npersonne malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance au\nmoyen d\u0027un fichier au format PDF sp\u00e9cialement construit. L\u0027une des deux\nvuln\u00e9rabilit\u00e9s a fait l\u0027objet de l\u0027alerte CERTA-2009-ALE-001.\n\nUne troisi\u00e8me vuln\u00e9rabilit\u00e9 permet de contourner la politique de\ns\u00e9curit\u00e9 afin d\u0027ex\u00e9cuter une action d\u00e9finie dans le fichier au format\nPDF sans confirmation de l\u0027utilisateur.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0191"
    },
    {
      "name": "CVE-2009-0837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0837"
    },
    {
      "name": "CVE-2009-0836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0836"
    }
  ],
  "links": [
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Foxit Reader :",
      "url": "http://www.foxitsoftware.com/pdf/reader/security.html"
    }
  ],
  "reference": "CERTA-2009-AVI-090",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-03-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans Foxit Reader permettent \u00e0 un\nutilisateur malveillant de contourner la politique de s\u00e9curit\u00e9 ou\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Foxit Reader",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Foxit Software",
      "url": null
    }
  ]
}

FKIE_CVE-2009-0837

Vulnerability from fkie_nvd - Published: 2009-03-10 20:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/34036	Vendor Advisory
cve@mitre.org	http://www.coresecurity.com/content/foxit-reader-vulnerabilities	Vendor Advisory
cve@mitre.org	http://www.foxitsoftware.com/pdf/reader/security.htm#Stackbased	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/501623/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/34035
cve@mitre.org	http://www.securitytracker.com/id?1021824
cve@mitre.org	http://www.vupen.com/english/advisories/2009/0634	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/49136
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34036	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.coresecurity.com/content/foxit-reader-vulnerabilities	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.foxitsoftware.com/pdf/reader/security.htm#Stackbased	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/501623/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/34035
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1021824
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0634	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/49136

Impacted products

	Vendor	Product	Version
	foxit	reader3.0	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:foxit:reader3.0:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "57E780D1-D8BF-4141-9E33-EE4268BA8980",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by the \"Open/Execute a file\" action."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en Foxit Reader v3.0 anteriores a Build 1506, incluidas la 1120 y la 1301, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de (1)una ruta relativa larga o (2)una ruta absoluta larga en el argumento \"filename\" en una acci\u00f3n, como se demostr\u00f3 mediante la acci\u00f3n \"Abrir/Ejecutar un fichero\"."
    }
  ],
  "id": "CVE-2009-0837",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-03-10T20:30:06.593",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34036"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.coresecurity.com/content/foxit-reader-vulnerabilities"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.foxitsoftware.com/pdf/reader/security.htm#Stackbased"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/501623/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/34035"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1021824"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0634"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49136"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34036"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.coresecurity.com/content/foxit-reader-vulnerabilities"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.foxitsoftware.com/pdf/reader/security.htm#Stackbased"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/501623/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34035"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021824"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0634"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49136"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-0837 (GCVE-0-2009-0837)

GSD-2009-0837

GHSA-G9CC-XW8R-HJ44

CERTA-2009-AVI-090

Description

Solution

CERTA-2009-AVI-090

Description

Solution

FKIE_CVE-2009-0837

Tags

Sightings

Nomenclature