CVE-2009-2981Improper Input Validation in Adobe Acrobat

CWE-20Improper Input Validation4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
7.0%
top 8.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe AcrobatAdobe Acrobat Reader
Timeline
PublishedOct 19
Latest updateMay 2

Description

Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to bypass intended Trust Manager restrictions via unspecified vectors.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDadobe/acrobat_reader9.1.3+25
NVDadobe/acrobat9.1.3+23

Patches

Patch: www.adobe.comPatch: www.us-cert.govPatch: www.vupen.com

🔴Vulnerability Details

1
GHSA
GHSA-j73r-w9hq-h7h7: Adobe Reader and Acrobat 72022-05-02

📋Vendor Advisories

1
Red Hat
acroread: Trust Manager restrictions bypass fixed in 8.1.7 (APSB09-15)2009-10-13

💬Community

1
Bugzilla
CVE-2009-2981 acroread: Trust Manager restrictions bypass fixed in 8.1.7 (APSB09-15)2009-10-13
CVE-2009-2981 — Improper Input Validation in Adobe | cvebase