openSUSE update for flash-player
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 22 |
| CVE-ID | CVE-2007-0045 CVE-2007-0048 CVE-2009-2564 CVE-2009-2979 CVE-2009-2980 CVE-2009-2981 CVE-2009-2982 CVE-2009-2983 CVE-2009-2985 CVE-2009-2986 CVE-2009-2988 CVE-2009-2990 CVE-2009-2991 CVE-2009-2992 CVE-2009-2993 CVE-2009-2994 CVE-2009-2996 CVE-2009-2997 CVE-2009-3431 CVE-2009-3458 CVE-2009-3459 CVE-2009-3462 |
| CWE-ID | CWE-79 CWE-264 CWE-776 CWE-190 CWE-20 CWE-295 CWE-119 CWE-129 CWE-141 CWE-233 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #8 is available. Public exploit code for vulnerability #12 is available. Public exploit code for vulnerability #16 is available. Public exploit code for vulnerability #19 is available. Vulnerability #21 is being exploited in the wild. |
| Vulnerable software Subscribe |
Adobe Reader Client/Desktop applications / Office applications Adobe Acrobat Client/Desktop applications / Office applications |
| Vendor | Adobe |
Security Bulletin
This security bulletin contains information about 22 vulnerabilities.
1) Cross-site scripting
EUVDB-ID: #VU1889
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2007-0045
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-input passed via FDF, XML, or XFDF parameter. A remote attacker can create a specially .pdf URL, trick the victim to follow it and execute arbitrary HTML and script code in user’s browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Update the affected packages.
Adobe Reader: 7.0 - 9.1.3
Adobe Acrobat: 7.0 - 9.1.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00005.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Cross-site scripting
EUVDB-ID: #VU1835
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2007-0048
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform cross-site scripting (XSS) attack.
The vulnerability exists due to incorrect filtration of input data. A remote attacker can append specially URL containing a long sequence of # (hash) characters to PDF file, trick the victim into opening it, trigger memory corruption and cause the affected browser to crash.
Successful exploitation of this vulnerability results in denial of service on the vulnerable system.
Update the affected packages.
Adobe Acrobat: 7.x - 9.x
Adobe Reader: 7.x - 9.x
External linkshttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00005.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Privilege escalation
EUVDB-ID: #VU1955
Risk: Medium
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2009-2564
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to obtain elevated privileges on vulnerable system.
The vulnerability exists due to insecure permissions on the NOS directory in getPlus Download Manager. By replacing the getPlus_HelperSvc.exe file, an attacker could exploit this vulnerability to gain SYSTEM privileges.
Successful exploitation of this vulnerability may allow a local user to obtain full access to vulnerable system.
MitigationUpdate the affected packages.
Adobe Acrobat: 7.0 - 9.1.3
Adobe Reader: 7.0 - 9.1.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00005.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) XML entity expansion
EUVDB-ID: #VU2013
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2009-2979
CWE-ID:
CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS conditions on the target system.
The weakness exists due to XMP-XML entity expansion. A remote attacker can create a specially crafted file, trick the victim into opening it and trigger the application to crash.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.
Update the affected packages.
Adobe Acrobat: 7.0 - 9.1.3
Adobe Reader: 7.0 - 9.1.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00005.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Integer Overflow or Wraparound
EUVDB-ID: #VU2605
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2009-2980
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to trigger DoS conditions and even execute arbitrary code on the target system.
The weakness exists due to integer overflow when processing a malformed PDF file. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system or cause denial of service with privileges of the current user.
Successful exploitation of the vulnerability results in denial of service or arbitrary code execution on the vulnerable system.
Update the affected packages.
Adobe Reader: 7.0 - 9.1.3
Adobe Acrobat: 7.0 - 9.1.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00005.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Security bypass
EUVDB-ID: #VU2606
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2009-2981
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to improper input validation. A remote attacker can create a specially crafted file, trick the victim into opening it and bypass Trust Manager restrictions.
Successful exploitation of the vulnerability may result in access to the vulnerable application.
Update the affected packages.
Adobe Acrobat: 7.0 - 9.1.3
Adobe Reader: 7.0 - 9.1.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00005.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Spoofing attack
EUVDB-ID: #VU2607
Risk: Medium
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2009-2982
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack on the target system.
The vulnerability exists due to improper verification of certificates. A remote attacker can use man-in-the-middle techniques to spoof certificates, redirect a victim to a malicious Web site that would appear to be trusted and inject arbitrary data in server response.
Successful exploitation of this vulnerability may result in information disclosure and further attacks on the vulnerable system.
Update the affected packages.
Adobe Reader: 7.0 - 9.1.3
Adobe Acrobat: 7.0 - 9.1.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00005.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Memory corruption
EUVDB-ID: #VU2609
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2009-2983
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to trigger DoS conditions and even execute arbitrary code on the target system.
The weakness exists due to boundary error when handling COM objects. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system or cause denial of service with privileges of the current user.
Successful exploitation of the vulnerability results in denial of service or arbitrary code execution on the vulnerable system.
Update the affected packages.
Adobe Acrobat: 7.0 - 9.1.3
Adobe Reader: 7.0 - 9.1.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00005.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
9) Memory corruption
EUVDB-ID: #VU2654
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2009-2985
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling a malformed Compact Font Format stream embedded within a PDF document. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Update the affected packages.
Adobe Reader: 7.0 - 9.1.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00005.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Heap-based buffer overflow
EUVDB-ID: #VU2655
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2009-2986
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow when handling malformed PDF document. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Update the affected packages.
Adobe Acrobat: 7.0 - 9.1.3
Adobe Reader: 7.0 - 9.1.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00005.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Denial of service
EUVDB-ID: #VU2657
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2009-2988
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS conditions on the target system.
The weakness exists due to an error in ActiveX control. By sending a specially crafted .pdf file, a remote attacker can cause the application to crash.
Successful exploitation of the vulnerability may result in denial of service.
Update the affected packages.
Adobe Acrobat: 7.0 - 9.1.3
Adobe Reader: 7.0 - 9.1.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00005.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper Validation of Array Index
EUVDB-ID: #VU2659
Risk: High
CVSSv3.1: 8.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]
CVE-ID: CVE-2009-2990
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to array indexing error in the 3difr.x3d plugin. A remote attacker can create a specially crafted U3D file, trick the victim into opening it and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Update the affected packages.
Adobe Reader: 7.0 - 9.1.3
Adobe Acrobat: 7.0 - 9.1.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00005.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
13) Memory corruption
EUVDB-ID: #VU2660
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2009-2991
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Update the affected packages.
Adobe Acrobat: 7.0 - 9.1.3
Adobe Reader: 7.0 - 9.1.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00005.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Denial of service
EUVDB-ID: #VU2661
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2009-2992
CWE-ID:
CWE-141 - Improper Neutralization of Parameter/Argument Delimiters
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS conditions on the target system.
The weakness exists due to an error in ActiveX control. By persuading a victim to visit a Web page that passes specially crafted arguments, a remote attacker can cause the affected application to crash.
Successful exploitation of the vulnerability may result in denial of service.
Update the affected packages.
Adobe Reader: 7.0 - 9.1.3
Adobe Acrobat: 7.0 - 9.1.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00005.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper Handling of Parameters
EUVDB-ID: #VU2662
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2009-2993
CWE-ID:
CWE-233 - Improper Handling of Parameters
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to improper implementation of the Privileged Context and Safe Path restrictions for unspecified JavaScript methods. A remote attacker can create a specially crafted PDF file containing the cPath parameter, trick the victim into opening it and execute arbitrary code.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Update the affected packages.
Adobe Acrobat: 7.0 - 9.1.3
Adobe Reader: 7.0 - 9.1.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00005.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Heap-based buffer overflow
EUVDB-ID: #VU2663
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2009-2994
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow, caused by an integer overflow in CLOD Mesh Declaration block. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Update the affected packages.
Adobe Acrobat: 7.0 - 9.1.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00005.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
17) Memory corruption
EUVDB-ID: #VU2666
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2009-2996
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to trigger DoS conditions and even execute arbitrary code on the target system.
The weakness exists due to image decoder issue. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system or cause denial of service with privileges of the current user.
Successful exploitation of the vulnerability results in denial of service or arbitrary code execution on the vulnerable system.
Update the affected packages.
Adobe Acrobat: 7.0 - 9.1.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00005.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Heap-based buffer overflow
EUVDB-ID: #VU2667
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2009-2997
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow when handling malformed PDF file. A remote attacker can create a specially crafted.pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Update the affected packages.
Adobe Reader: 7.0 - 9.1.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00005.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Denial of service
EUVDB-ID: #VU2669
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2009-3431
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to cause DoS conditions on the target system.
The weakness exists due to stack consumption when handling malformed documents. A remote attacker can create a specially crafted PDF file with a large number of [ (open square bracket) characters in the argument to the alert method, trick the victim into opening it, trigger memory cause the affected application to crash.
Successful exploitation of the vulnerability may result in denial of service on the vulnerable system.
Update the affected packages.
Adobe Reader: 7.0 - 9.1.3
Adobe Acrobat: 7.0 - 9.1.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00005.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
20) Memory corruption
EUVDB-ID: #VU2670
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2009-3458
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling a malicious input. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Update the affected packages.
Adobe Acrobat: 7.0 - 9.1.3
Adobe Reader: 7.0 - 9.1.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00005.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Heap-based buffer overflow
EUVDB-ID: #VU1675
Risk: Critical
CVSSv3.1: 9.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2009-3459
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow when processing a malformed PDF file. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Update the affected packages.
Adobe Reader: 8.0 - 9.1.3
Adobe Acrobat: 8.0 - 9.1.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00005.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
22) Memory corruption
EUVDB-ID: #VU2673
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2009-3462
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to format bug when running in Debug mode on UNIX system. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Update the affected packages.
Adobe Reader: 7.0 - 9.1.3
Adobe Acrobat: 7.0 - 9.1.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00005.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
