CVE-2009-1061
published 2009-03-25CVE-2009-1061: Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to execute arbitrary code via…
PriorityP346critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
11.03%
95.4th percentile
Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to execute arbitrary code via unknown attack vectors related to JBIG2 and "input validation," a different vulnerability than CVE-2009-0193 and CVE-2009-1062.
Affected
56 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | acrobat | <= 9.0 | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat_reader | <= 9.0 | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | >= 7.0 < 7.1.1 | 7.1.1 |
| adobe | acrobat_reader | >= 8.0 < 8.1.4 | 8.1.4 |
| adobe | acrobat_reader | >= 9.0 < 9.1 | 9.1 |
| adobe | reader | — | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat9.3CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4hh3-c3j6-h827: Adobe Acrobat Reader 9 before 9
ghsa_unreviewed·2022-05-02·CVSS 9.3
CVE-2009-1062 [CRITICAL] CWE-20 GHSA-4hh3-c3j6-h827: Adobe Acrobat Reader 9 before 9
Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to trigger memory corruption and possibly execute arbitrary code via unknown attack vectors related to JBIG2, a different vulnerability than CVE-2009-0193 and CVE-2009-1061.
GHSA
GHSA-468h-v4jh-mq8c: Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9
ghsa_unreviewed·2022-05-02·CVSS 9.3
CVE-2009-0193 [CRITICAL] CWE-119 GHSA-468h-v4jh-mq8c: Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9
Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a PDF file with a malformed JBIG2 symbol dictionary segment, a different vulnerability than CVE-2009-1061 and CVE-2009-1062.
GHSA
GHSA-8g25-qvgj-fp7w: Unspecified vulnerability in Adobe Acrobat Reader 9 before 9
ghsa_unreviewed·2022-05-02·CVSS 9.3
CVE-2009-1061 [CRITICAL] CWE-20 GHSA-8g25-qvgj-fp7w: Unspecified vulnerability in Adobe Acrobat Reader 9 before 9
Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to execute arbitrary code via unknown attack vectors related to JBIG2 and "input validation," a different vulnerability than CVE-2009-0193 and CVE-2009-1062.
Red Hat
acroread: multiple JBIG2-related security flaws
vendor_redhat·2009-02-19·CVSS 9.3
CVE-2009-1061 [CRITICAL] acroread: multiple JBIG2-related security flaws
acroread: multiple JBIG2-related security flaws
Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to execute arbitrary code via unknown attack vectors related to JBIG2 and "input validation," a different vulnerability than CVE-2009-0193 and CVE-2009-1062.
Red Hat
acroread: multiple JBIG2-related security flaws
vendor_redhat·2009-02-19·CVSS 9.3
CVE-2009-1062 [CRITICAL] acroread: multiple JBIG2-related security flaws
acroread: multiple JBIG2-related security flaws
Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to trigger memory corruption and possibly execute arbitrary code via unknown attack vectors related to JBIG2, a different vulnerability than CVE-2009-0193 and CVE-2009-1061.
Red Hat
acroread: multiple JBIG2-related security flaws
vendor_redhat·2009-02-19·CVSS 9.3
CVE-2009-0193 [CRITICAL] acroread: multiple JBIG2-related security flaws
acroread: multiple JBIG2-related security flaws
Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a PDF file with a malformed JBIG2 symbol dictionary segment, a different vulnerability than CVE-2009-1061 and CVE-2009-1062.
No detection rules found.
No public exploits indexed.
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.htmlhttp://secunia.com/advisories/34392http://secunia.com/advisories/34490http://secunia.com/advisories/34706http://secunia.com/advisories/34790http://security.gentoo.org/glsa/glsa-200904-17.xmlhttp://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1http://www.adobe.com/support/security/bulletins/apsb09-04.htmlhttp://www.redhat.com/support/errata/RHSA-2009-0376.htmlhttp://www.securityfocus.com/bid/34229http://www.securitytracker.com/id?1021892http://www.vupen.com/english/advisories/2009/1019http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.htmlhttp://secunia.com/advisories/34392http://secunia.com/advisories/34490http://secunia.com/advisories/34706http://secunia.com/advisories/34790http://security.gentoo.org/glsa/glsa-200904-17.xmlhttp://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1http://www.adobe.com/support/security/bulletins/apsb09-04.htmlhttp://www.redhat.com/support/errata/RHSA-2009-0376.htmlhttp://www.securityfocus.com/bid/34229http://www.securitytracker.com/id?1021892http://www.vupen.com/english/advisories/2009/1019
2009-03-25
Published