VulDB: Adobe Reader up to 9.2 on Firefox buffer overflow
General
scipID: 4039
Affected: Adobe Reader up to 9.2
Published: 10/09/2009 (Elazar Broad)
Risk: 
critical
Entry: 82.8% complete
Created: 10/19/2009
Summary
A vulnerability was found in Adobe Reader up to 9.2. It has been declared as critical. Affected by this vulnerability is an unknown function. The manipulation with an unknown input leads to a buffer overflow vulnerability. As an impact it is known to affect confidentiality, integrity, and availability.
The weakness was shared 10/09/2009 by Elazar Broad with iDefense. The advisory is shared for download at adobe.com. The attack can be launched remotely. The technical details are unknown and an exploit is not publicly available.
The best possible mitigation is suggested to be upgrading to the latest version. The vulnerability is also documented in the vulnerability database at Secunia (SA36983).CVSS
Base Score: 6.0 (CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P) [?]
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Local | High | Multiple | None | None | None |
| Adjacent | Medium | Single | Partial | Partial | Partial |
| Network | Low | None | Complete | Complete | Complete |
CPE
- cpe:/a:adobe:reader:9.2
Exploiting
Class: Buffer overflow
Local: No
Remote: Yes
Availability: No
Countermeasures
Recommended: Upgrade
0-Day Time: 0 days since found
Timeline
10/09/2009 | Advisory disclosed
10/19/2009 | VulDB entry created
10/19/2009 | VulDB entry updated
Sources
Advisory: adobe.com
Researcher: Elazar Broad
Company: iDefense
Secunia: 36983
