Vulnerability Details : CVE-2009-1861

Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file with a JPX (aka JPEG2000) stream that triggers heap memory corruption.
Publish Date : 2009-06-11 Last Update Date : 2010-05-04

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Related Tweets Even more tweets Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

Cvss Score	9.3
Confidentiality Impact	Complete (There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact	Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
Availability Impact	Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity	Medium (The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)	Denial Of ServiceExecute CodeOverflowMemory corruption
CWE ID	119

- Additional Vendor Supplied Data

Vendor	Impact	CVSS Score	CVSS Vector	Report Date	Publish Date
Redhat	critical	6.8	AV:N/AC:M/Au:N/C:P/I:P/A:P	2009-06-08	2009-06-09

If you are a vendor and you have additional data which can be automatically imported into our database, please contact admin @ cvedetails.com

- Related OVAL Definitions

Title	Definition Id	Class	Family
CVE-2009-1861	oval:org.opensuse.security:def:20091861		unix
RHSA-2009:1109: acroread security update (Critical)	oval:com.redhat.rhsa:def:20091109		unix

OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2009-1861

#	Product Type	Vendor	Product	Version	Update	Edition
1	Application	Adobe	Acrobat	7.0			Details Vulnerabilities
2	Application	Adobe	Acrobat	7.0		Professional	Details Vulnerabilities
3	Application	Adobe	Acrobat	7.0		Standard	Details Vulnerabilities
4	Application	Adobe	Acrobat	7.0.1			Details Vulnerabilities
5	Application	Adobe	Acrobat	7.0.1		Professional	Details Vulnerabilities
6	Application	Adobe	Acrobat	7.0.1		Standard	Details Vulnerabilities
7	Application	Adobe	Acrobat	7.0.2		Standard	Details Vulnerabilities
8	Application	Adobe	Acrobat	7.0.2			Details Vulnerabilities
9	Application	Adobe	Acrobat	7.0.2		Professional	Details Vulnerabilities
10	Application	Adobe	Acrobat	7.0.3			Details Vulnerabilities
11	Application	Adobe	Acrobat	7.0.3		Professional	Details Vulnerabilities
12	Application	Adobe	Acrobat	7.0.3		Standard	Details Vulnerabilities
13	Application	Adobe	Acrobat	7.0.4		Professional	Details Vulnerabilities
14	Application	Adobe	Acrobat	7.0.4		Standard	Details Vulnerabilities
15	Application	Adobe	Acrobat	7.0.4			Details Vulnerabilities
16	Application	Adobe	Acrobat	7.0.5			Details Vulnerabilities
17	Application	Adobe	Acrobat	7.0.5		Professional	Details Vulnerabilities
18	Application	Adobe	Acrobat	7.0.5		Standard	Details Vulnerabilities
19	Application	Adobe	Acrobat	7.0.6			Details Vulnerabilities
20	Application	Adobe	Acrobat	7.0.6		Professional	Details Vulnerabilities
21	Application	Adobe	Acrobat	7.0.6		Standard	Details Vulnerabilities
22	Application	Adobe	Acrobat	7.0.7			Details Vulnerabilities
23	Application	Adobe	Acrobat	7.0.7		Professional	Details Vulnerabilities
24	Application	Adobe	Acrobat	7.0.7		Standard	Details Vulnerabilities
25	Application	Adobe	Acrobat	7.0.8			Details Vulnerabilities
26	Application	Adobe	Acrobat	7.0.8		Elements	Details Vulnerabilities
27	Application	Adobe	Acrobat	7.0.8		Professional	Details Vulnerabilities
28	Application	Adobe	Acrobat	7.0.8		Standard	Details Vulnerabilities
29	Application	Adobe	Acrobat	7.0.9		Professional	Details Vulnerabilities
30	Application	Adobe	Acrobat	7.0.9			Details Vulnerabilities
31	Application	Adobe	Acrobat	7.1		Professional	Details Vulnerabilities
32	Application	Adobe	Acrobat	7.1			Details Vulnerabilities
33	Application	Adobe	Acrobat	7.1		Standard	Details Vulnerabilities
34	Application	Adobe	Acrobat	7.1.0			Details Vulnerabilities
35	Application	Adobe	Acrobat	7.1.1		Standard	Details Vulnerabilities
36	Application	Adobe	Acrobat	7.1.1			Details Vulnerabilities
37	Application	Adobe	Acrobat	8.0		Standard	Details Vulnerabilities
38	Application	Adobe	Acrobat	8.0			Details Vulnerabilities
39	Application	Adobe	Acrobat	8.0		Professional	Details Vulnerabilities
40	Application	Adobe	Acrobat	8.1			Details Vulnerabilities
41	Application	Adobe	Acrobat	8.1		Standard	Details Vulnerabilities
42	Application	Adobe	Acrobat	8.1.1		Standard	Details Vulnerabilities
43	Application	Adobe	Acrobat	8.1.1			Details Vulnerabilities
44	Application	Adobe	Acrobat	8.1.1		Professional	Details Vulnerabilities
45	Application	Adobe	Acrobat	8.1.2	Security Update	Professional	Details Vulnerabilities
46	Application	Adobe	Acrobat	8.1.2		Professional	Details Vulnerabilities
47	Application	Adobe	Acrobat	8.1.2		Standard	Details Vulnerabilities
48	Application	Adobe	Acrobat	8.1.2			Details Vulnerabilities
49	Application	Adobe	Acrobat	8.1.3			Details Vulnerabilities
50	Application	Adobe	Acrobat	8.1.3		Standard	Details Vulnerabilities
51	Application	Adobe	Acrobat	8.1.3		Professional	Details Vulnerabilities
52	Application	Adobe	Acrobat	8.1.4			Details Vulnerabilities
53	Application	Adobe	Acrobat	8.1.4		Standard	Details Vulnerabilities
54	Application	Adobe	Acrobat	8.1.4		Professional	Details Vulnerabilities
55	Application	Adobe	Acrobat	9			Details Vulnerabilities
56	Application	Adobe	Acrobat	9.0		Standard	Details Vulnerabilities
57	Application	Adobe	Acrobat	9.0			Details Vulnerabilities
58	Application	Adobe	Acrobat	9.0.0			Details Vulnerabilities
59	Application	Adobe	Acrobat	9.1		Standard	Details Vulnerabilities
60	Application	Adobe	Acrobat	9.1			Details Vulnerabilities
61	Application	Adobe	Acrobat Reader	7.0			Details Vulnerabilities
62	Application	Adobe	Acrobat Reader	7.0.1			Details Vulnerabilities
63	Application	Adobe	Acrobat Reader	7.0.2			Details Vulnerabilities
64	Application	Adobe	Acrobat Reader	7.0.3			Details Vulnerabilities
65	Application	Adobe	Acrobat Reader	7.0.4			Details Vulnerabilities
66	Application	Adobe	Acrobat Reader	7.0.5			Details Vulnerabilities
67	Application	Adobe	Acrobat Reader	7.0.6			Details Vulnerabilities
68	Application	Adobe	Acrobat Reader	7.0.7			Details Vulnerabilities
69	Application	Adobe	Acrobat Reader	7.0.8			Details Vulnerabilities
70	Application	Adobe	Acrobat Reader	7.0.9			Details Vulnerabilities
71	Application	Adobe	Acrobat Reader	7.1			Details Vulnerabilities
72	Application	Adobe	Acrobat Reader	7.1.1			Details Vulnerabilities
73	Application	Adobe	Acrobat Reader	8.0			Details Vulnerabilities
74	Application	Adobe	Acrobat Reader	8.1			Details Vulnerabilities
75	Application	Adobe	Acrobat Reader	8.1.1			Details Vulnerabilities
76	Application	Adobe	Acrobat Reader	8.1.2			Details Vulnerabilities
77	Application	Adobe	Acrobat Reader	8.1.2	Security Update		Details Vulnerabilities
78	Application	Adobe	Acrobat Reader	8.1.3			Details Vulnerabilities
79	Application	Adobe	Acrobat Reader	8.1.4			Details Vulnerabilities
80	Application	Adobe	Acrobat Reader	8.1.5			Details Vulnerabilities
81	Application	Adobe	Acrobat Reader	9			Details Vulnerabilities
82	Application	Adobe	Acrobat Reader	9.1			Details Vulnerabilities
83	Application	Adobe	Acrobat Reader	9.1.1			Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Adobe	Acrobat	60
Adobe	Acrobat Reader	23

- References For CVE-2009-1861

http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00000.html
SUSE SUSE-SA:2009:035

http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
SUSE SUSE-SR:2009:012

http://secunia.com/advisories/35496
SECUNIA 35496

http://secunia.com/advisories/34580
SECUNIA 34580

http://secunia.com/advisories/35655
SECUNIA 35655

http://secunia.com/advisories/35734
SECUNIA 35734

http://secunia.com/advisories/35685
SECUNIA 35685

http://security.gentoo.org/glsa/glsa-200907-06.xml
GENTOO GLSA-200907-06

http://www.securityfocus.com/bid/35274
BID 35274 Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities Release Date:2009-10-15

http://www.redhat.com/support/errata/RHSA-2009-1109.html
REDHAT RHSA-2009:1109

http://securitytracker.com/id?1022361
SECTRACK 1022361

http://www.securityfocus.com/bid/35295
BID 35295 Adobe Reader and Acrobat Multiple Unspecified Remote Heap Buffer Overflow Vulnerabilities Release Date:2009-10-15

http://www.adobe.com/support/security/bulletins/apsb09-07.html CONFIRM

http://www.vupen.com/english/advisories/2009/1547
VUPEN ADV-2009-1547

http://www.kb.cert.org/vuls/id/568153
CERT-VN VU#568153

http://www.us-cert.gov/cas/techalerts/TA09-161A.html
CERT TA09-161A

- Metasploit Modules Related To CVE-2009-1861

There are not any metasploit modules related to this vulnerability (Please visit www.metasploit.com for more information)