Vulnerability Name:

CVE-2009-3958 (CCN-55556)

Assigned:2009-11-16
Published:2010-01-12
Updated:2018-10-30
Summary:Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow remote attackers to execute arbitrary code via unspecified initialization parameters.
Per: http://www.adobe.com/support/security/bulletins/apsb10-02.html


Affected software versions

Adobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX
Adobe Acrobat 9.2 and earlier versions for Windows and Macintosh
Per: http://www.adobe.com/support/security/bulletins/apsb10-02.html

a buffer overflow vulnerability in the Download Manager that could lead to code execution (CVE-2009-3958).
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.8 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2009-3958

Source: SUSE
Type: UNKNOWN
SUSE-SA:2010:008

Source: CCN
Type: SA37690
Adobe Reader/Acrobat "Doc.media.newPlayer()" Memory Corruption

Source: CCN
Type: SA38131
Adobe getPlus DLM Multiple Vulnerabilities

Source: CCN
Type: SA38138
Adobe Reader/Acrobat 7 Multiple Vulnerabilities

Source: CCN
Type: SECTRACK ID: 1023446
Adobe Acrobat and Adobe Reader Flaws Lets Remote Users Execute Arbitrary Code and Deny Service

Source: CCN
Type: Adobe Product Security Bulletin APSB10-02
Security updates available for Adobe Reader and Acrobat

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb10-02.html

Source: CCN
Type: US-CERT VU#773545
NOS Microsystems Adobe getPlus Helper ActiveX control stack buffer overflows

Source: CERT-VN
Type: US Government Resource
VU#773545

Source: CCN
Type: OSVDB ID: 61688
Adobe getPlus DLM gp.ocx ActiveX Multiple Overflows

Source: BID
Type: UNKNOWN
37759

Source: CCN
Type: BID-37759
NOS Microsystems getPlus Help ActiveX Control Stack Buffer Overflow Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1023446

Source: CERT
Type: US Government Resource
TA10-013A

Source: VUPEN
Type: Vendor Advisory
ADV-2010-0103

Source: XF
Type: UNKNOWN
acrobat-reader-download-manager-bo(55556)

Source: XF
Type: UNKNOWN
acrobat-reader-download-manager-bo(55556)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:8455

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [01-17-2010]

Source: SUSE
Type: SUSE-SA:2010:008
Acrobat Reader security problems

Vulnerable Configuration:Configuration 1:
  • cpe:/a:adobe:acrobat:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:4.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:4.0.5a:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:4.0.5c:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:5.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:*:*:*:*:*:*:*:* (Version <= 9.2)
  • AND
  • cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/a:adobe:acrobat_reader:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:3.01:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:3.02:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:4.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:4.0.5a:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:4.0.5c:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:4.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:5.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:5.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:5.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:5.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:6.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:6.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:8.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:*:*:*:*:*:*:*:* (Version <= 9.2)
  • AND
  • cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*
  • OR cpe:/o:unix:unix:*:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:adobe:reader:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:9.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:9.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:9.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:8.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:9.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:9.2:*:*:*:*:*:*:*
  • AND
  • cpe:/o:opensuse:opensuse:11.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20093958
    V
    CVE-2009-3958
    2015-11-16
    oval:org.mitre.oval:def:8455
    V
    Adobe Reader and Acrobat Download Manager Remote Code Execution Vulnerability
    2013-08-12
    BACK
    adobe acrobat 3.0
    adobe acrobat 3.1
    adobe acrobat 4.0
    adobe acrobat 4.0.5
    adobe acrobat 4.0.5a
    adobe acrobat 4.0.5c
    adobe acrobat 5.0
    adobe acrobat 5.0.5
    adobe acrobat 5.0.6
    adobe acrobat 5.0.10
    adobe acrobat 6.0
    adobe acrobat 6.0.1
    adobe acrobat 6.0.2
    adobe acrobat 6.0.3
    adobe acrobat 6.0.4
    adobe acrobat 6.0.5
    adobe acrobat 6.0.6
    adobe acrobat 7.0
    adobe acrobat 7.0.1
    adobe acrobat 7.0.2
    adobe acrobat 7.0.3
    adobe acrobat 7.0.4
    adobe acrobat 7.0.5
    adobe acrobat 7.0.6
    adobe acrobat 7.0.7
    adobe acrobat 7.0.8
    adobe acrobat 7.0.9
    adobe acrobat 7.1.0
    adobe acrobat 7.1.1
    adobe acrobat 7.1.2
    adobe acrobat 7.1.3
    adobe acrobat 7.1.4
    adobe acrobat 8.0
    adobe acrobat 8.1
    adobe acrobat 8.1.1
    adobe acrobat 8.1.2
    adobe acrobat 8.1.3
    adobe acrobat 8.1.4
    adobe acrobat 8.1.5
    adobe acrobat 8.1.6
    adobe acrobat 8.1.7
    adobe acrobat 9.0
    adobe acrobat 9.1
    adobe acrobat 9.1.1
    adobe acrobat 9.1.2
    adobe acrobat 9.1.3
    adobe acrobat *
    apple mac os x *
    microsoft windows *
    adobe acrobat reader 3.0
    adobe acrobat reader 3.01
    adobe acrobat reader 3.02
    adobe acrobat reader 4.0
    adobe acrobat reader 4.0.5
    adobe acrobat reader 4.0.5a
    adobe acrobat reader 4.0.5c
    adobe acrobat reader 4.5
    adobe acrobat reader 5.0
    adobe acrobat reader 5.0.5
    adobe acrobat reader 5.0.6
    adobe acrobat reader 5.0.7
    adobe acrobat reader 5.0.9
    adobe acrobat reader 5.0.10
    adobe acrobat reader 5.0.11
    adobe acrobat reader 5.1
    adobe acrobat reader 6.0
    adobe acrobat reader 6.0.1
    adobe acrobat reader 6.0.2
    adobe acrobat reader 6.0.3
    adobe acrobat reader 6.0.4
    adobe acrobat reader 6.0.5
    adobe acrobat reader 7.0
    adobe acrobat reader 7.0.1
    adobe acrobat reader 7.0.2
    adobe acrobat reader 7.0.3
    adobe acrobat reader 7.0.4
    adobe acrobat reader 7.0.5
    adobe acrobat reader 7.0.6
    adobe acrobat reader 7.0.7
    adobe acrobat reader 7.0.8
    adobe acrobat reader 7.0.9
    adobe acrobat reader 7.1.0
    adobe acrobat reader 7.1.1
    adobe acrobat reader 7.1.2
    adobe acrobat reader 7.1.3
    adobe acrobat reader 8.0
    adobe acrobat reader 8.1
    adobe acrobat reader 8.1.1
    adobe acrobat reader 8.1.2
    adobe acrobat reader 8.1.4
    adobe acrobat reader 8.1.5
    adobe acrobat reader 8.1.6
    adobe acrobat reader 8.1.7
    adobe acrobat reader 9.0
    adobe acrobat reader 9.1
    adobe acrobat reader 9.1.1
    adobe acrobat reader 9.1.2
    adobe acrobat reader 9.1.3
    adobe acrobat reader *
    apple mac os x *
    microsoft windows *
    unix unix *
    adobe reader 9.0
    adobe reader 9.1
    adobe reader 9.1.1
    adobe reader 9.1.2
    adobe reader 9.1.3
    adobe reader 8.1.7
    adobe acrobat 8.1.7
    adobe acrobat 9.2
    adobe reader 9.2
    novell opensuse 11.0