Vulnerability Name:

CVE-2009-0927 (CCN-49312)

Assigned:2009-03-18
Published:2009-03-18
Updated:2018-11-08
Summary:Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.
Per vendor advisory in the 'details' section it states:

"The Adobe Reader and Acrobat 9.1 and 7.1.1 updates resolve an input validation issue in a JavaScript method that could potentially lead to remote code execution. This issue has already been resolved in Adobe Reader 8.1.3 and Acrobat 8.1.3. (CVE-2009-0927)"

http://www.adobe.com/support/security/bulletins/apsb09-04.html
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.3 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-20
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2009-0927

Source: SUSE
Type: Mailing List, Third Party Advisory
SUSE-SA:2009:014

Source: SUSE
Type: Mailing List, Third Party Advisory
SUSE-SR:2009:009

Source: CCN
Type: RHSA-2008-0974
Critical: acroread security update

Source: SECUNIA
Type: Third Party Advisory
34490

Source: CCN
Type: SA34706
Sun Solaris Adobe Reader Multiple Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
34706

Source: SECUNIA
Type: Third Party Advisory
34790

Source: GENTOO
Type: Third Party Advisory
GLSA-200904-17

Source: CCN
Type: SECTRACK ID: 1021861
Adobe Reader JavaScript Input Valdation Flaw Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: Sun Alert ID: 256788
Multiple Security Vulnerabilities in Adobe Reader for Solaris 10 May Allow Execution of Arbitrary Code or Cause a Denial of Service (DoS) (Adobe Security Bulletin APSB09-04)

Source: SUNALERT
Type: Broken Link
256788

Source: CCN
Type: Adobe Product Security Bulletin APSB09-04
Security Updates available for Adobe Reader and Acrobat

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb09-04.html

Source: EXPLOIT-DB
Type: Third Party Advisory, VDB Entry
9579

Source: CCN
Type: IBM Internet Security Systems Protection Alert - April 14, 2009
Adobe Reader and Adobe Acrobat GetIcon() Remote Code Execution

Source: CCN
Type: OSVDB ID: 53647
Adobe Acrobat getIcon() Function PDF Handling Overflow

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20090324 ZDI-09-014: Adobe Acrobat getIcon() Stack Overflow Vulnerability

Source: BID
Type: Third Party Advisory, VDB Entry
34169

Source: CCN
Type: BID-34169
Adobe Acrobat and Reader Collab 'getIcon()' JavaScript Method Remote Code Execution Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1021861

Source: VUPEN
Type: Third Party Advisory
ADV-2009-0770

Source: VUPEN
Type: Third Party Advisory
ADV-2009-1019

Source: MISC
Type: Third Party Advisory, VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-09-014

Source: XF
Type: Third Party Advisory, VDB Entry
adobe-unspecified-javascript-code-execution(49312)

Source: XF
Type: UNKNOWN
adobe-geticon-bo(49312)

Source: SUSE
Type: SUSE-SA:2009:014
Acrobat Reader remote code execution

Source: SUSE
Type: SUSE-SR:2009:009
SUSE Security Summary Report

Source: CCN
Type: ZDI-09-014
Adobe Acrobat getIcon() Stack Overflow Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/a:adobe:acrobat_reader:*:*:*:*:*:*:*:* (Version >= 7.0 and < 7.1.1)
  • OR cpe:/a:adobe:acrobat_reader:*:*:*:*:*:*:*:* (Version >= 8.0 and < 8.1.3)
  • OR cpe:/a:adobe:acrobat_reader:*:*:*:*:*:*:*:* (Version >= 9.0 and < 9.1)

    • Configuration RedHat 1:
  • cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/a:redhat:rhel_extras:3:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0::standard:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0::professional:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.1::standard:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.1::professional:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.2::standard:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.2::professional:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.3::standard:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.3::professional:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.4::standard:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.4::professional:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.5::standard:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.5::professional:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.6::standard:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.6::professional:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.7::standard:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.7::professional:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.8::standard:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.8::professional:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.9::professional:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.0::standard:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1::standard:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.1::standard:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.2::standard:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.0::professional:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.1::professional:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.2::professional:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:9.0::professional:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:9.0::professional_extended:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:9.0::standard:*:*:*:*:*
  • AND
  • cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_extras:3:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:11.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20090927
    V
    		CVE-2009-0927
    2015-11-16
    oval:org.mitre.oval:def:22747
    P
    		ELSA-2008:0974: acroread security update (Critical)
    2014-05-26
    oval:com.redhat.rhsa:def:20080974
    P
    		RHSA-2008:0974: acroread security update (Critical)
    2008-11-12
    BACK
    adobe acrobat reader *
    adobe acrobat reader *
    adobe acrobat reader *
    adobe acrobat reader 7.0
    adobe acrobat reader 7.0.1
    adobe acrobat reader 7.0.2
    adobe acrobat reader 8.0
    adobe acrobat reader 8.1.2
    adobe acrobat reader 7.0.3
    adobe acrobat reader 7.0.4
    adobe acrobat reader 7.0.5
    adobe acrobat reader 7.0.6
    adobe acrobat reader 7.0.7
    adobe acrobat reader 7.0.8
    adobe acrobat reader 7.0.9
    adobe acrobat reader 8.1
    adobe acrobat reader 8.1.1
    adobe acrobat 7.0
    adobe acrobat 7.0
    adobe acrobat 7.0.1
    adobe acrobat 7.0.1
    adobe acrobat 7.0.2
    adobe acrobat 7.0.2
    adobe acrobat 7.0.3
    adobe acrobat 7.0.3
    adobe acrobat 7.0.4
    adobe acrobat 7.0.4
    adobe acrobat 7.0.5
    adobe acrobat 7.0.5
    adobe acrobat 7.0.6
    adobe acrobat 7.0.6
    adobe acrobat 7.0.7
    adobe acrobat 7.0.7
    adobe acrobat 7.0.8
    adobe acrobat 7.0.8
    adobe acrobat 7.0.9
    adobe acrobat 8.0
    adobe acrobat 8.1
    adobe acrobat 8.1.1
    adobe acrobat 8.1.2
    adobe acrobat 8.0
    adobe acrobat 8.1.1
    adobe acrobat 8.1.2
    adobe acrobat 9.0
    adobe acrobat 9.0
    adobe acrobat reader 9.0
    adobe acrobat 9.0
    novell linux desktop 9
    sun solaris 10
    redhat rhel extras 3
    redhat rhel extras 4
    novell opensuse 10.3
    novell opensuse 11.0