CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Adobe » Acrobat » 8.1 : Security Vulnerabilities Published In 2009

Cpe Name:cpe:/a:adobe:acrobat:8.1
CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Copy Results Download Results Select Table
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2009-4324 399 1 Exec Code 2009-12-14 2010-08-21
9.3
 None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.
2 CVE-2009-3462 Exec Code 2009-10-19 2010-08-21
5.1
 None Remote High Not required Partial Partial Partial
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Unix, when Debug mode is enabled, allow attackers to execute arbitrary code via unspecified vectors, related to a "format bug."
3 CVE-2009-3460 399 DoS Exec Code Mem. Corr. 2009-10-19 2010-08-21
9.3
 None Remote Medium Not required Complete Complete Complete
Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.
4 CVE-2009-3459 119 Exec Code Overflow Mem. Corr. 2009-10-13 2010-08-21
9.3
 None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.
5 CVE-2009-3458 20 Exec Code 2009-10-19 2010-08-21
9.3
 None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2998.
6 CVE-2009-3431 119 DoS Overflow 2009-09-25 2010-11-24
5.0
 None Remote Low Not required None None Partial
Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, 9.1.2, 9.1.1, and earlier 9.x versions; 8.1.6 and earlier 8.x versions; and possibly 7.1.4 and earlier 7.x versions allows remote attackers to cause a denial of service (application crash) via a PDF file with a large number of [ (open square bracket) characters in the argument to the alert method. NOTE: some of these details are obtained from third party information.
7 CVE-2009-2998 20 Exec Code 2009-10-19 2010-08-21
9.3
 None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-3458.
8 CVE-2009-2997 119 Exec Code Overflow 2009-10-19 2010-08-21
9.3
 None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.
9 CVE-2009-2996 399 DoS Exec Code Mem. Corr. 2009-10-19 2010-08-21
9.3
 None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2985.
10 CVE-2009-2995 189 DoS Overflow 2009-10-19 2010-08-21
4.3
 None Remote Medium Not required None None Partial
Integer overflow in Adobe Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service via unspecified vectors.
11 CVE-2009-2994 119 Exec Code Overflow 2009-10-19 2010-08-21
9.3
 None Remote Medium Not required Complete Complete Complete
Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.
12 CVE-2009-2993 20 Exec Code 2009-10-19 2010-08-21
9.3
 None Remote Medium Not required Complete Complete Complete
The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows remote attackers to create arbitrary files, and possibly execute arbitrary code, via the cPath parameter in a crafted PDF file. NOTE: some of these details are obtained from third party information.
13 CVE-2009-2992 20 DoS 2009-10-19 2010-08-21
4.3
 None Remote Medium Not required None None Partial
An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 does not properly validate input, which allows attackers to cause a denial of service via unknown vectors.
14 CVE-2009-2991 Exec Code 2009-10-19 2010-08-21
9.3
 None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and Acrobat 8.x before 8.1.7, and possibly 7.x before 7.1.4 and 9.x before 9.2, might allow remote attackers to execute arbitrary code via unknown vectors.
15 CVE-2009-2990 189 Exec Code 2009-10-19 2010-08-21
9.3
 None Remote Medium Not required Complete Complete Complete
Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors.
16 CVE-2009-2989 189 Exec Code Overflow 2009-10-19 2010-08-21
9.3
 None Remote Medium Not required Complete Complete Complete
Integer overflow in Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors.
17 CVE-2009-2988 20 DoS 2009-10-19 2010-08-21
4.3
 None Remote Medium Not required None None Partial
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which allows attackers to cause a denial of service via unspecified vectors.
18 CVE-2009-2987 DoS 2009-10-19 2010-08-21
4.3
 None Remote Medium Not required None None Partial
Unspecified vulnerability in an ActiveX control in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Windows allows remote attackers to cause a denial of service via unknown vectors.
19 CVE-2009-2986 119 Exec Code Overflow 2009-10-19 2010-08-21
9.3
 None Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.
20 CVE-2009-2985 399 DoS Exec Code Mem. Corr. 2009-10-19 2010-08-21
9.3
 None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2996.
21 CVE-2009-2984 DoS Exec Code 2009-10-19 2010-08-21
9.3
 None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the image decoder in Adobe Acrobat 9.x before 9.2, and possibly 7.x through 7.1.4 and 8.x through 8.1.7, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.
22 CVE-2009-2983 399 DoS Exec Code Mem. Corr. 2009-10-19 2010-08-21
9.3
 None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.
23 CVE-2009-2982 310 2009-10-19 2010-08-21
9.3
 None Remote Medium Not required Complete Complete Complete
An unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow remote attackers to conduct a "social engineering attack" via unknown vectors.
24 CVE-2009-2981 20 Bypass 2009-10-19 2010-08-21
9.3
 None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to bypass intended Trust Manager restrictions via unspecified vectors.
25 CVE-2009-2980 189 DoS Exec Code Overflow 2009-10-19 2010-08-21
9.3
 None Remote Medium Not required Complete Complete Complete
Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors.
26 CVE-2009-2979 DoS 2009-10-19 2010-08-21
4.3
 None Remote Medium Not required None None Partial
Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 do not properly perform XMP-XML entity expansion, which allows remote attackers to cause a denial of service via a crafted document.
27 CVE-2009-2028 2009-06-11 2009-08-12
10.0
 None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 have unknown impact and attack vectors, related to "Adobe internally discovered issues."
28 CVE-2009-1861 119 DoS Exec Code Overflow Mem. Corr. 2009-06-11 2010-05-04
9.3
 None Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file with a JPX (aka JPEG2000) stream that triggers heap memory corruption.
29 CVE-2009-1859 399 Exec Code Mem. Corr. 2009-06-11 2010-05-04
9.3
 None Remote Medium Not required Complete Complete Complete
Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
30 CVE-2009-1858 399 Exec Code Mem. Corr. 2009-06-11 2010-05-04
9.3
 None Remote Medium Not required Complete Complete Complete
The JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
31 CVE-2009-1857 399 DoS Exec Code Mem. Corr. 2009-06-11 2010-05-04
9.3
 None Remote Medium Not required Complete Complete Complete
Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a PDF document with a crafted TrueType font.
32 CVE-2009-1856 189 DoS Exec Code Overflow 2009-06-11 2010-05-04
9.3
 None Remote Medium Not required Complete Complete Complete
Integer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows attackers to cause a denial of service or possibly execute arbitrary code via a PDF file containing unspecified parameters to the FlateDecode filter, which triggers a heap-based buffer overflow.
33 CVE-2009-1855 119 Exec Code Overflow 2009-06-11 2010-05-04
9.3
 None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via a PDF file containing a malformed U3D model file with a crafted extension block.
34 CVE-2009-1061 20 Exec Code 2009-03-24 2009-04-28
9.3
 Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to execute arbitrary code via unknown attack vectors related to JBIG2 and "input validation," a different vulnerability than CVE-2009-0193 and CVE-2009-1062.
35 CVE-2009-0928 119 Exec Code Overflow 2009-03-24 2010-10-25
10.0
 Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat Professional 7.1.0, 8.1.3, 9.0.0, and other versions allows remote attackers to execute arbitrary code via a PDF file containing a JBIG2 stream with a size inconsistency related to an unspecified table.
36 CVE-2009-0927 20 1 Exec Code Overflow 2009-03-19 2012-10-22
10.0
 None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.
37 CVE-2009-0889 119 Exec Code Overflow 2009-06-11 2009-08-12
9.3
 Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, and CVE-2009-0888.
38 CVE-2009-0888 119 Exec Code Overflow 2009-06-11 2009-08-12
9.3
 Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, and CVE-2009-0889.
39 CVE-2009-0658 119 2 Exec Code Overflow 2009-02-20 2009-04-28
9.3
 None Remote Medium Not required Complete Complete Complete
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.
40 CVE-2009-0512 119 Exec Code Overflow 2009-06-11 2010-05-04
9.3
 None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0888, and CVE-2009-0889.
41 CVE-2009-0511 119 Exec Code Overflow 2009-06-11 2010-05-04
9.3
 Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0512, CVE-2009-0888, and CVE-2009-0889.
42 CVE-2009-0510 119 Exec Code Overflow 2009-06-11 2010-05-04
9.3
 Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0511, CVE-2009-0512, CVE-2009-0888, and CVE-2009-0889.
43 CVE-2009-0509 119 Exec Code Overflow Mem. Corr. 2009-06-11 2010-05-04
9.3
 None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to execute arbitrary code via a crafted file that triggers memory corruption.
44 CVE-2009-0198 119 DoS Exec Code Overflow Mem. Corr. 2009-06-11 2010-05-04
9.3
 None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF file that contains JBIG2 text region segments with Huffman encoding.
45 CVE-2009-0193 119 Exec Code Overflow 2009-03-24 2009-04-28
9.3
 None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a PDF file with a malformed JBIG2 symbol dictionary segment, a different vulnerability than CVE-2009-1061 and CVE-2009-1062.
Total number of vulnerabilities : 45   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.