Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1493: Out-of-bounds Write in Adobe Reader

CWE-399 | 11 documents | 8 sources
Severity: 6.8 MEDIUM (NVD)
EPSS: 76.2% (top 1.07%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Apr 30
Latest update: May 2

Description

The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages: 1 package

NVD: adobe/reader 8.1.4, 9.1 (+1)

🔴 Vulnerability Details (3)

GHSA
GHSA-f62c-gjq3-9jwj: The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9 (2022-05-02)
CVEList
CVE-2009-1493: The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9 (2009-04-30)
VulnCheck
Adobe Reader customDictionaryOpen Spell Method Vulnerability (2009)

💥 Exploits & PoCs (1)

Exploit-DB
Adobe 8.1.4/9.1 - 'customDictionaryOpen()' Code Execution (2009-04-29)

📋 Vendor Advisories (1)

Red Hat
acroread: multiple vulnerabilities in Adobe Reader 8.1.4 (2009-04-27)

🕵️Threat Intelligence

4
Talos
The Acrobat JavaScript Blocklist Framework (2010-01-20)
Talos
The Acrobat JavaScript Blocklist Framework (2010-01-20)
Talos
Rule release for today - May 5th 2009 (2009-05-05)
Talos
Rule release for today - May 5th 2009 (2009-05-05)

💬 Community (1)

Bugzilla
CVE-2009-1492, CVE-2009-1493 acroread: multiple vulnerabilities in Adobe Reader 8.1.4 (2009-04-29)