Main Vulnerability Database Vulnerabilities #VU1955

#VU1955 Privilege escalation in Adobe Acrobat and Adobe Reader - CVE-2009-2564

Published: December 21, 2016 / Updated: September 14, 2018

Vulnerability identifier: #VU1955

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2009-2564

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Adobe Acrobat
Adobe Reader

Software vendor:
Adobe

Description

The vulnerability allows a local attacker to obtain elevated privileges on vulnerable system.

The vulnerability exists due to insecure permissions on the NOS directory in getPlus Download Manager. By replacing the getPlus_HelperSvc.exe file, an attacker could exploit this vulnerability to gain SYSTEM privileges.

Successful exploitation of this vulnerability may allow a local user to obtain full access to vulnerable system.

Remediation

Update Adobe Reader for Windows, Macintosh, and UNIX to version 9.2:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Unix
Update Adobe Acrobat for Windows and Macintosh to version 9.2:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh

External links

http://www.adobe.com/support/security/bulletins/apsb09-15.html