#VU2607 Spoofing attack in Adobe Reader and Adobe Acrobat - CVE-2009-2982 

 


Published: December 21, 2016 / Updated: January 9, 2017


Vulnerability identifier: #VU2607
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2009-2982
CWE-ID: CWE-295
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Adobe Reader, Adobe Acrobat
Software vendor: Adobe

Description

The vulnerability allows a remote attacker to perform a spoofing attack on the target system.

The vulnerability exists due to improper verification of certificates. A remote attacker can use man-in-the-middle techniques to spoof certificates, redirect a victim to a malicious Web site that would appear to be trusted, and inject arbitrary data into the server response.

Successful exploitation of this vulnerability may result in information disclosure and further attacks on the vulnerable system.


Remediation


External links