CVE-2009-1493 : The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and

The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument.

Published 2009-04-30 20:30:01

Updated 2017-09-29 01:34:24

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute codeDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2009-1493

Probability of exploitation activity in the next 30 days: 97.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2009-1493

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2009-1493

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2009-1493

http://www.securityfocus.com/bid/34740

Exploit
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html

CVEs referencing this url
http://www.adobe.com/support/security/bulletins/apsb09-06.html

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html

[security-announce] SUSE Security Summary Report: SUSE-SR:2009:011 - openSUSE Security Announce - openSUSE Mailing Lists

CVEs referencing this url
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1

CVEs referencing this url
http://www.vupen.com/english/advisories/2009/1189

Vendor Advisory

CVEs referencing this url
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-200907-06.xml

CVEs referencing this url
http://www.vupen.com/english/advisories/2009/1317

CVEs referencing this url
http://www.us-cert.gov/cas/techalerts/TA09-133B.html

US Government Resource

CVEs referencing this url
https://www.exploit-db.com/exploits/8570
http://www.kb.cert.org/vuls/id/970180

US Government Resource

CVEs referencing this url
http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2009-0478.html

CVEs referencing this url
http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt

Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/50146
http://www.securitytracker.com/id?1022139

CVEs referencing this url
http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html

Vendor Advisory

CVEs referencing this url

Products affected by CVE-2009-1493

Adobe » Reader » Version: 8.1.4
cpe:2.3:a:adobe:reader:8.1.4:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux
Adobe » Reader » Version: 9.1
cpe:2.3:a:adobe:reader:9.1:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux

Vulnerability Details : CVE-2009-1493

Exploit prediction scoring system (EPSS) score for CVE-2009-1493

CVSS scores for CVE-2009-1493

CWE ids for CVE-2009-1493

References for CVE-2009-1493

Products affected by CVE-2009-1493