Multiple vulnerabilities in Adobe Reader and Adobe Acrobat
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 8 |
| CVE-ID | CVE-2010-1278 CVE-2009-3959 CVE-2009-3958 CVE-2009-3957 CVE-2009-3956 CVE-2009-3955 CVE-2009-3954 CVE-2009-3953 |
| CWE-ID | CWE-119 CWE-190 CWE-121 CWE-476 CWE-79 CWE-426 CWE-129 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #3 is available. Vulnerability #8 is being exploited in the wild. |
| Vulnerable software |
Adobe Reader Client/Desktop applications / Office applications Adobe Acrobat Client/Desktop applications / Office applications |
| Vendor | Adobe |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU1399
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2010-1278
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in Adobe Download Manager. By persuading a victim to visit a malicious Web page that passes an overly long argument, a remote attacker can trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Update Adobe Reader and Adobe Acrobat 8.1.7 or earlier to version 8.2.
Update Adobe Reader and Adobe Acrobat 9.2 or earlier to version 9.3.
http://get.adobe.com/reader
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh
Adobe Reader: 8.x - 9.x
Adobe Acrobat: 8.x - 9.x
CPE2.3- cpe:2.3:a:adobe:adobe_reader:8.x:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:9.x:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:8.x:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:9.x:*:*:*:*:*:*:*
http://www.adobe.com/support/security/bulletins/apsb10-02.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Integer Overflow or Wraparound
EUVDB-ID: #VU1398
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2009-3959
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer overflow in the U3D implementation. A remote attacker can create a specially crafted .pdf file containing a malicious U3D mode, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Update Adobe Reader and Adobe Acrobat 8.1.7 or earlier to version 8.2.
Update Adobe Reader and Adobe Acrobat 9.2 or earlier to version 9.3.
http://get.adobe.com/reader
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh
Adobe Acrobat: 8.0 - 9.2
Adobe Reader: 8.0 - 9.2
CPE2.3- cpe:2.3:a:adobe:adobe_acrobat:8.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_acrobat:9.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:8.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_reader:9.2:*:*:*:*:*:*:*
http://www.adobe.com/support/security/bulletins/apsb10-02.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Stack-based buffer overflow
EUVDB-ID: #VU1397
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2009-3958
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to stack-based buffer overflow in the NOS Microsystems getPlus Helper ActiveX control. By persuading a victim to visit a malicious Web page that passes an overly long argument to multiple initialization parameter,a remote attacker can trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Update Adobe Reader and Adobe Acrobat 8.1.7 or earlier to version 8.2.
Update Adobe Reader and Adobe Acrobat 9.2 or earlier to version 9.3.
http://get.adobe.com/reader
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh
Adobe Reader: 8.0 - 9.2
Adobe Acrobat: 8.0 - 9.2
CPE2.3http://www.adobe.com/support/security/bulletins/apsb10-02.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Null pointer dereference
EUVDB-ID: #VU1396
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2009-3957
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS conditions on the target system.
The weakness exists due to NULL pointer dereference. A remote attacker can trigger the application to crash.
Successful exploitation of the vulnerability results in denial of service of the vulnerable application.
Update Adobe Reader and Adobe Acrobat 8.1.7 or earlier to version 8.2.
Update Adobe Reader and Adobe Acrobat 9.2 or earlier to version 9.3.
http://get.adobe.com/reader
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh
Adobe Reader: 8.0 - 9.2
Adobe Acrobat: 8.0 - 9.2
CPE2.3http://www.adobe.com/support/security/bulletins/apsb10-02.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Cross-site scripting
EUVDB-ID: #VU1395
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2009-3956
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The weakness exists due to incorrect filtration of input data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim’s browser in security context of vulnerable website.
Mitigation
Update Adobe Reader and Adobe Acrobat 8.1.7 or earlier to version 8.2.
Update Adobe Reader and Adobe Acrobat 9.2 or earlier to version 9.3.
http://get.adobe.com/reader
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh
Adobe Acrobat: 8.0 - 9.2
Adobe Reader: 8.0 - 9.2
CPE2.3http://www.adobe.com/support/security/bulletins/apsb10-02.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Memory corruption
EUVDB-ID: #VU1394
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2009-3955
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to sign extension error when handling a Jp2c stream of a JpxDecode data stream. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Update Adobe Reader and Adobe Acrobat 8.1.7 or earlier to version 8.2.
Update Adobe Reader and Adobe Acrobat 9.2 or earlier to version 9.3.
http://get.adobe.com/reader
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh
Adobe Reader: 8.0 - 9.2
Adobe Acrobat: 8.0 - 9.2
CPE2.3http://www.adobe.com/support/security/bulletins/apsb10-02.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Untrusted search path
EUVDB-ID: #VU1393
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2009-3954
CWE-ID:
CWE-426 - Untrusted Search Path
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in 3D implementation. A remote attacker can place a .pdf file along with malicious DLL on a public SMB or WebDAV share, trick the victim into opening .pdf file and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Update Adobe Reader and Adobe Acrobat 8.1.7 or earlier to version 8.2.
Update Adobe Reader and Adobe Acrobat 9.2 or earlier to version 9.3.
http://get.adobe.com/reader
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh
Adobe Acrobat: 8.0 - 9.2
Adobe Reader: 8.0 - 9.2
CPE2.3http://www.adobe.com/support/security/bulletins/apsb10-02.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper validation of array index
EUVDB-ID: #VU1392
Risk: Critical
CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2009-3953
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to array indexing error in U3D support. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: this vulnerability is being actively exploited.
MitigationUpdate Adobe Reader and Adobe Acrobat 8.1.7 or earlier to version 8.2.
Update Adobe Reader and Adobe Acrobat 9.2 or earlier to version 9.3.
http://get.adobe.com/reader
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh
Adobe Reader: 8.1.1 - 9.2
Adobe Acrobat: 8.1.1 - 9.2
CPE2.3http://www.adobe.com/support/security/bulletins/apsb10-02.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
