Spoofing attack in Adobe Reader and Adobe Acrobat - CVE-2009-2982

 


Published: December 21, 2016 / Updated: January 9, 2017


Vulnerability identifier: #VU2607
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2009-2982
CWE-ID: CWE-295
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Adobe
Affected software:
Adobe Reader
Adobe Acrobat

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a spoofing attack on the target system.

The vulnerability exists due to improper verification of certificates. A remote attacker can use man-in-the-middle techniques to spoof certificates, redirect a victim to a malicious website that appears to be trusted, and inject arbitrary data into the server response.

Successful exploitation of this vulnerability may result in information disclosure and further attacks on the vulnerable system.


How to mitigate CVE-2009-2982


Sources