Main Vulnerability Database Exploits ID:629 - Exploit for Privilege escalation in Adobe Acrobat and Adobe Reader - CVE-2009-2564

ID:629 - Exploit for Privilege escalation in Adobe Acrobat and Adobe Reader - CVE-2009-2564

Published: March 18, 2020

Vulnerability identifier: #VU1955

Vulnerability risk: Medium

CVE-ID: CVE-2009-2564

CWE-ID: CWE-264

Exploitation vector: Remote access

Vulnerable software:
Adobe Acrobat
Adobe Reader

Link to public exploit:

https://www.exploit-db.com/exploits/9199/

Vulnerability description

The vulnerability allows a local attacker to obtain elevated privileges on vulnerable system.

The vulnerability exists due to insecure permissions on the NOS directory in getPlus Download Manager. By replacing the getPlus_HelperSvc.exe file, an attacker could exploit this vulnerability to gain SYSTEM privileges.

Successful exploitation of this vulnerability may allow a local user to obtain full access to vulnerable system.

Remediation

Update Adobe Reader for Windows, Macintosh, and UNIX to version 9.2:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Unix
Update Adobe Acrobat for Windows and Macintosh to version 9.2:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh

ID:629 - Exploit for Privilege escalation in Adobe Acrobat and Adobe Reader - CVE-2009-2564

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human