⚠ Actively exploited
Added to CISA KEV on 2022-03-25. Federal agencies required to patch by 2022-04-15. Required action: Apply updates per vendor instructions.

CVE-2009-0927: Improper Input Validation in Adobe Acrobat Reader

Severity: 8.8 HIGH (NVD)
EPSS: 93.3% (top 0.19%)
CISA KEV: Added 2022-03-25, due 2022-04-15
Exploit: Exploited in wild; active exploitation observed
Affected products
Timeline
Published: Mar 19
KEV added: Mar 25
KEV due: Apr 15
Latest update: May 2
CISA Required Action: Apply updates per vendor instructions.

Description

Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3, and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (1 package)

NVD | adobe/acrobat_reader | 7.0 | 7.1.1 | +2

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-wr9v-3qgm-q33g: Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9 (2022-05-02)
VulnCheck: Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability (2009)

💥 Exploits & PoCs (5)

Exploit-DB: Adobe - 'Collab.getIcon()' Local Buffer Overflow (Metasploit) (2) (2010-09-25)
Exploit-DB: Adobe - 'Collab.getIcon()' Local Buffer Overflow (Metasploit) (1) (2010-04-30)
Exploit-DB: Adobe Acrobat/Reader < 7.1.1/8.1.3/9.1 - Collab getIcon Universal (2009-09-03)
Exploit-DB: Adobe Acrobat Reader 8.1.2 < 9.0 - 'getIcon()' Memory Corruption (2009-05-04)
Metasploit: Adobe Collab.getIcon() Buffer Overflow

📋 Vendor Advisories (2)

CISA: Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability (2022-03-25)
Red Hat: security flaw (2009-03-18)

🕵️ Threat Intelligence (11)

Zscaler: PDF Exploits Targeted Through Blackhole Exploit Kits. | Zscaler (2012-04-09)
Zscaler: PDF Exploit: Number Of Pages Is The Key | Zscaler (2010-08-04)
Zscaler: ATECH-SAGADE Badness - Malicious .IN Campaign | Zscaler Blog (2010-07-15)
Zscaler: A Brief Gumblar Infrastructure Analysis | Zscaler Blog (2010-05-27)
Zscaler: More And More Obfuscation Being Used In The Malicious Script (2010-05-07)

📄 Research Papers (2)

arXiv: Machine Learning With Feature Selection Using Principal Component Analysis for Malware Detection: A Case Study (2019-02-10)
arXiv: MLPdf: An Effective Machine Learning Based Approach for PDF Malware Detection (2018-08-21)

💬 Community (2)

Bugzilla: CVE-2009-0927 security flaw (2018-08-16)
Bugzilla: CVE-2009-0658, CVE-2009-0193, CVE-2009-0928, CVE-2009-1061, CVE-2009-1062 acroread: multiple JBIG2-related security flaws (2009-02-23)