Vulnerability Name:

CVE-2009-3460 (CCN-53759)

Assigned:2009-10-13
Published:2009-10-13
Updated:2018-10-30
Summary:Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.
Per: http://www.adobe.com/support/security/bulletins/apsb09-15.html


This update resolves a memory corruption issue that could potentially lead to code execution. This issue is specific to Acrobat and does not affect Adobe Reader. (CVE-2009-3460).
NOTE: this issue is resolved in the Acrobat 9.2 and 8.1.7 updates.
Per: http://www.adobe.com/support/security/bulletins/apsb09-15.html

Solution


Acrobat

Acrobat Standard and Pro users on Windows can find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows.

Acrobat Pro Extended users on Windows can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows

Acrobat 3D users on Windows can find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows.

Acrobat Pro users on Macintosh can find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-399
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2009-3460

Source: CCN
Type: SECTRACK ID: 1023007
Adobe Acrobat and Adobe Reader Flaws Lets Remote Users Execute Arbitrary Code and Deny Service

Source: SECTRACK
Type: UNKNOWN
1023007

Source: CCN
Type: Sun Alert: 270669
Multiple Security Vulnerabilities in Adobe Reader for Solaris 10 May Allow Execution of Arbitrary Code or Cause Denial of Service (DoS) - Adobe Security Bulletin APSB09-15

Source: CCN
Type: Adobe Web site
Adobe - Adobe Reader download

Source: CCN
Type: Adobe Product Security Bulletin APSB09-15
Security Advisory for Adobe Reader and Acrobat

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb09-15.html

Source: CCN
Type: OSVDB ID: 58914
Adobe Acrobat Unspecified Memory Corruption (2009-3460)

Source: BID
Type: UNKNOWN
36638

Source: CCN
Type: BID-36638
RETIRED: Adobe Reader and Acrobat October 2009 Multiple Remote Vulnerabilities

Source: CCN
Type: BID-36683
Adobe Reader and Acrobat JavaScript Memory Corruption Vulnerability

Source: CERT
Type: Patch, US Government Resource
TA09-286B

Source: VUPEN
Type: Patch, Vendor Advisory
ADV-2009-2898

Source: XF
Type: UNKNOWN
adobe-acrobat-unspec-code-execution(53759)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:6550

Vulnerable Configuration:Configuration 1:
  • cpe:/a:adobe:acrobat:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:*:*:*:*:*:*:*:* (Version <= 9.1.3)

  • Configuration CCN 1:
  • cpe:/a:adobe:acrobat:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:4.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:4.0.5a:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:4.0.5c:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:5.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:9:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:9.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*
  • AND
  • cpe:/o:sun:solaris:10::sparc:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:6550
    V
    Adobe Reader and Acrobat allow memory corruption
    2013-08-12
    BACK
    adobe acrobat 7.0
    adobe acrobat 7.0.1
    adobe acrobat 7.0.2
    adobe acrobat 7.0.3
    adobe acrobat 7.0.4
    adobe acrobat 7.0.5
    adobe acrobat 7.0.6
    adobe acrobat 7.0.7
    adobe acrobat 7.0.8
    adobe acrobat 7.0.9
    adobe acrobat 7.1.0
    adobe acrobat 7.1.1
    adobe acrobat 7.1.3
    adobe acrobat 8.0
    adobe acrobat 8.1
    adobe acrobat 8.1.1
    adobe acrobat 8.1.2
    adobe acrobat 8.1.3
    adobe acrobat 8.1.4
    adobe acrobat 8.1.6
    adobe acrobat 9.0
    adobe acrobat 9.1.1
    adobe acrobat 9.1.2
    adobe acrobat *
    adobe acrobat 7.0
    adobe acrobat 7.0.1
    adobe acrobat 3.0
    adobe acrobat 3.1
    adobe acrobat 4.0
    adobe acrobat 4.0.5
    adobe acrobat 4.0.5a
    adobe acrobat 4.0.5c
    adobe acrobat 5.0
    adobe acrobat 5.0.10
    adobe acrobat 5.0.5
    adobe acrobat 5.0.6
    adobe acrobat 6.0
    adobe acrobat 6.0.1
    adobe acrobat 6.0.2
    adobe acrobat 6.0.3
    adobe acrobat 6.0.4
    adobe acrobat 6.0.5
    adobe acrobat 7.0.2
    adobe acrobat 7.0.3
    adobe acrobat 7.0.4
    adobe acrobat 7.0.5
    adobe acrobat 7.0.6
    adobe acrobat 7.0.7
    adobe acrobat 7.0.8
    adobe acrobat 7.0.9
    adobe acrobat 8.1
    adobe acrobat 8.1.1
    adobe acrobat 9
    adobe acrobat 8.1.2
    adobe acrobat 9.1
    adobe acrobat 9.1.1
    adobe acrobat 9.0.0
    adobe acrobat 8.1.3
    adobe acrobat 8.1.4
    adobe acrobat 9.1.2
    adobe acrobat 9.1.3
    adobe acrobat 7.1.3
    adobe acrobat 8.1.6
    sun solaris 10