CVE-2009-1859 — Out-of-bounds Write in Adobe Acrobat

CWE-3998 documents5 sources

Severity

9.3CRITICALNVD

EPSS

8.9%

top 7.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Acrobat Adobe Acrobat Reader

Timeline

PublishedJun 11

Latest updateMay 2

Description

Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDadobe/acrobat_reader22 versions+21

▶NVDadobe/acrobat23 versions+22

Patches

Patch: www.adobe.com ↗Patch: www.vupen.com ↗Patch: www.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-vgm3-w345-pp4f: Adobe Reader 7 and Acrobat 7 before 7↗2022-05-02

▶

📋Vendor Advisories

Red Hat

acroread: multiple security fixes in version 8.1.6 (APSB09-07)↗2009-06-09

▶

🕵️Threat Intelligence

Talos

DojoSec Adobe bug fixed↗2009-06-30

▶

Talos

DojoSec Adobe bug fixed↗2009-06-30

▶

Talos

Rule release for today - June 12th 2009↗2009-06-13

▶

Talos

Rule release for today - June 12th 2009↗2009-06-13

▶

💬Community

Bugzilla

acroread: multiple security fixes in version 8.1.6 (APSB09-07)↗2009-06-10

▶