CVE-2009-2998
published 2009-10-19CVE-2009-2998: Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute…
PriorityP348critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
10.39%
95.2th percentile
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-3458.
Affected
51 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | acrobat | <= 9.1.3 | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat9.3CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-mxjg-fcq7-wmwq: Adobe Reader and Acrobat 7
ghsa_unreviewed·2022-05-02·CVSS 9.3
CVE-2009-3458 [CRITICAL] CWE-20 GHSA-mxjg-fcq7-wmwq: Adobe Reader and Acrobat 7
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2998.
GHSA
GHSA-745f-p38x-qh76: Adobe Reader and Acrobat 7
ghsa_unreviewed·2022-05-02·CVSS 9.3
CVE-2009-2998 [CRITICAL] CWE-20 GHSA-745f-p38x-qh76: Adobe Reader and Acrobat 7
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-3458.
Red Hat
acroread: Multiple arbitrary code execution fixes in 8.1.7 (APSB09-15)
vendor_redhat·2009-10-13·CVSS 9.3
CVE-2009-2998 [CRITICAL] acroread: Multiple arbitrary code execution fixes in 8.1.7 (APSB09-15)
acroread: Multiple arbitrary code execution fixes in 8.1.7 (APSB09-15)
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-3458.
Red Hat
acroread: Multiple arbitrary code execution fixes in 8.1.7 (APSB09-15)
vendor_redhat·2009-10-13·CVSS 9.3
CVE-2009-3458 [CRITICAL] acroread: Multiple arbitrary code execution fixes in 8.1.7 (APSB09-15)
acroread: Multiple arbitrary code execution fixes in 8.1.7 (APSB09-15)
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2998.
No detection rules found.
No public exploits indexed.
http://securitytracker.com/id?1023007http://www.adobe.com/support/security/bulletins/apsb09-15.htmlhttp://www.securityfocus.com/bid/36638http://www.us-cert.gov/cas/techalerts/TA09-286B.htmlhttp://www.vupen.com/english/advisories/2009/2898https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6418http://securitytracker.com/id?1023007http://www.adobe.com/support/security/bulletins/apsb09-15.htmlhttp://www.securityfocus.com/bid/36638http://www.us-cert.gov/cas/techalerts/TA09-286B.htmlhttp://www.vupen.com/english/advisories/2009/2898https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6418
2009-10-19
Published