Adobe Acrobat Reader Buffer Overflow Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1021739
|
|
SecurityTracker URL: http://securitytracker.com/id?1021739
|
|
CVE Reference: CVE-2009-0658
(Links to External Site)
|
Updated: Mar 25 2009
|
Original Entry Date: Feb 20 2009
|
Impact: Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Adobe Advisory
|
Version(s): 7, 8, 9
|
Description: A vulnerability was reported in Adobe Acrobat Reader. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a buffer overflow and execute
arbitrary code on the target system. The code will run with the privileges of the target user.
This vulnerability is being actively
exploited.
|
Impact: A remote user can create a PDF file that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution: The vendor has issued a fix (7.1.1,8.1.4, 9.1).
The vendor's original advisory is available at:
http://www.adobe.com/support/security/advisories/apsa09-01.html
http
://www.adobe.com/support/security/bulletins/apsb09-03.html
The vendor's updated advisory is available at:
http://www.adobe.com/support/security/bulletins/apsb09-04.
html
|
Vendor URL: www.adobe.com/support/security/bulletins/apsb09-04.html (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: Windows (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Thu, 19 Feb 2009 21:54:06 -0500
Subject: Adobe Acrobat
|
http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219
|
|
