Main Vulnerability Database Vulnerabilities #VU2607

#VU2607 Spoofing attack in Adobe Reader and Adobe Acrobat - CVE-2009-2982

Published: December 21, 2016 / Updated: January 9, 2017

Vulnerability identifier: #VU2607

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2009-2982

CWE-ID: CWE-295

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Adobe Reader
Adobe Acrobat

Software vendor:
Adobe

Description

The vulnerability allows a remote attacker to perform spoofing attack on the target system.

The vulnerability exists due to improper verification of certificates. A remote attacker can use man-in-the-middle techniques to spoof certificates, redirect a victim to a malicious Web site that would appear to be trusted and inject arbitrary data in server response.

Successful exploitation of this vulnerability may result in information disclosure and further attacks on the vulnerable system.

Remediation

Update Adobe Reader for Windows, Macintosh, and UNIX to version 9.2:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Unix
Update Adobe Acrobat for Windows and Macintosh to version 9.2:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh

External links

http://www.adobe.com/support/security/bulletins/apsb09-15.html