CVE-2009-2992Improper Input Validation in Adobe Acrobat

CWE-20Improper Input Validation2 documents2 sources
Severity
4.3MEDIUMNVD
EPSS
2.1%
top 15.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe AcrobatAdobe Acrobat Reader
Timeline
PublishedOct 19
Latest updateMay 2

Description

An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 does not properly validate input, which allows attackers to cause a denial of service via unknown vectors.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDadobe/acrobat_reader9.1.3+25
NVDadobe/acrobat9.1.3+23

Patches

Patch: www.adobe.comPatch: www.us-cert.govPatch: www.vupen.com

🔴Vulnerability Details

1
GHSA
GHSA-4frw-vv4p-5hrq: An unspecified ActiveX control in Adobe Reader and Acrobat 92022-05-02
CVE-2009-2992 — Improper Input Validation in Adobe | cvebase