National Vulnerability Database (NVD) National Vulnerability Database (CVE-2009-0658)

National Cyber Awareness System

Vulnerability Summary for CVE-2009-0658

Original release date:02/20/2009

Last revised:03/08/2011

Source: US-CERT/NIST

Overview

Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C) (legend)

Impact Subscore: 10.0

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type:Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Technical Alert: TA09-051A

Name: TA09-051A

Hyperlink:http://www.us-cert.gov/cas/techalerts/TA09-051A.html

US-CERT Vulnerability Note: VU#905281

Name: VU#905281

Hyperlink:http://www.kb.cert.org/vuls/id/905281

External Source: XF

Name: adobe-acrobat-reader-image-bo(48825)

Hyperlink:http://xforce.iss.net/xforce/xfdb/48825

External Source: VUPEN

Name: ADV-2009-1019

Hyperlink:http://www.vupen.com/english/advisories/2009/1019

External Source: FRSIRT

Name: ADV-2009-0472

Hyperlink:http://www.vupen.com/english/advisories/2009/0472

External Source: MISC

Name: http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99&tabid=2

Hyperlink:http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99&tabid=2

External Source: MISC

Name: http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219

Hyperlink:http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219

External Source: SECTRACK

Name: 1021739

Hyperlink:http://www.securitytracker.com/id?1021739

External Source: BID

Name: 33751

Hyperlink:http://www.securityfocus.com/bid/33751

External Source: REDHAT

Name: RHSA-2009:0376

Hyperlink:http://www.redhat.com/support/errata/RHSA-2009-0376.html

External Source: MILW0RM

Name: 8099

Hyperlink:http://www.milw0rm.com/exploits/8099

External Source: MILW0RM

Name: 8090

Hyperlink:http://www.milw0rm.com/exploits/8090

External Source: CONFIRM

Name: http://www.adobe.com/support/security/bulletins/apsb09-04.html

Hyperlink:http://www.adobe.com/support/security/bulletins/apsb09-04.html

External Source: CONFIRM

Name: http://www.adobe.com/support/security/advisories/apsa09-01.html

Type: Advisory

Hyperlink:http://www.adobe.com/support/security/advisories/apsa09-01.html

External Source: SUNALERT

Name: 256788

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1

External Source: GENTOO

Name: GLSA-200904-17

Hyperlink:http://security.gentoo.org/glsa/glsa-200904-17.xml

External Source: SECUNIA

Name: 34790

Hyperlink:http://secunia.com/advisories/34790

External Source: SECUNIA

Name: 34706

Hyperlink:http://secunia.com/advisories/34706

External Source: SECUNIA

Name: 34490

Hyperlink:http://secunia.com/advisories/34490

External Source: SECUNIA

Name: 34392

Hyperlink:http://secunia.com/advisories/34392

External Source: SECUNIA

Name: 33901

Hyperlink:http://secunia.com/advisories/33901

External Source: OVAL

Name: oval:org.mitre.oval:def:5697

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5697

External Source: OSVDB

Name: 52073

Hyperlink:http://osvdb.org/52073

External Source: SUSE

Name: SUSE-SR:2009:009

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html

External Source: SUSE

Name: SUSE-SA:2009:014

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html

External Source: MISC

Name: http://isc.sans.org/diary.html?n&storyid=5902

Hyperlink:http://isc.sans.org/diary.html?n&storyid=5902

References to Check Content

Identifier:oval:org.mitre.oval:def:5697

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:5697

Vulnerable software and versions

Configuration 1

* cpe:/a:adobe:acrobat_reader:3.0

* cpe:/a:adobe:acrobat_reader:4.0

* cpe:/a:adobe:acrobat_reader:4.0.5

* cpe:/a:adobe:acrobat_reader:4.0.5a

* cpe:/a:adobe:acrobat_reader:4.0.5c

* cpe:/a:adobe:acrobat_reader:4.5

* cpe:/a:adobe:acrobat_reader:5.0

* cpe:/a:adobe:acrobat_reader:5.0.10

* cpe:/a:adobe:acrobat_reader:5.0.11

* cpe:/a:adobe:acrobat_reader:5.0.5

* cpe:/a:adobe:acrobat_reader:5.0.6

* cpe:/a:adobe:acrobat_reader:5.0.7

* cpe:/a:adobe:acrobat_reader:5.0.9

* cpe:/a:adobe:acrobat:6.0

* cpe:/a:adobe:acrobat:6.0.1

* cpe:/a:adobe:acrobat:6.0.2

* cpe:/a:adobe:acrobat:6.0.3

* cpe:/a:adobe:acrobat:6.0.4

* cpe:/a:adobe:acrobat:6.0.5

* cpe:/a:adobe:acrobat:7.0

* cpe:/a:adobe:acrobat:7.0.1

* cpe:/a:adobe:acrobat:7.0.2

* cpe:/a:adobe:acrobat:7.0.3

* cpe:/a:adobe:acrobat:7.0.4

* cpe:/a:adobe:acrobat:7.0.5

* cpe:/a:adobe:acrobat:7.0.6

* cpe:/a:adobe:acrobat:7.0.7

* cpe:/a:adobe:acrobat:7.0.8

* cpe:/a:adobe:acrobat:7.0.9

* cpe:/a:adobe:acrobat:8.0.0

* cpe:/a:adobe:acrobat:8.1

* cpe:/a:adobe:acrobat:8.1.1

* cpe:/a:adobe:acrobat:8.1.2

* cpe:/a:adobe:acrobat:9

* cpe:/a:adobe:acrobat_reader:5.1

* cpe:/a:adobe:acrobat_reader:6.0

* cpe:/a:adobe:acrobat_reader:6.0.1

* cpe:/a:adobe:acrobat_reader:6.0.2

* cpe:/a:adobe:acrobat_reader:6.0.3

* cpe:/a:adobe:acrobat_reader:6.0.4

* cpe:/a:adobe:acrobat_reader:6.0.5

* cpe:/a:adobe:acrobat_reader:7.0

* cpe:/a:adobe:acrobat_reader:7.0.1

* cpe:/a:adobe:acrobat_reader:7.0.2

* cpe:/a:adobe:acrobat_reader:7.0.3

* cpe:/a:adobe:acrobat_reader:7.0.4

* cpe:/a:adobe:acrobat_reader:7.0.5

* cpe:/a:adobe:acrobat_reader:7.0.6

* cpe:/a:adobe:acrobat_reader:7.0.7

* cpe:/a:adobe:acrobat_reader:7.0.8

* cpe:/a:adobe:acrobat_reader:7.0.9

* cpe:/a:adobe:acrobat_reader:8.0

* cpe:/a:adobe:acrobat_reader:8.1

* cpe:/a:adobe:acrobat_reader:8.1.1

* cpe:/a:adobe:acrobat_reader:8.1.2

* cpe:/a:adobe:reader:8.1.1

* cpe:/a:adobe:reader:8.1.2

* cpe:/a:adobe:acrobat_reader:9 and previous versions

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Buffer Errors (CWE-119)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0658