Vulnerability Details : CVE-2009-0658
Public exploit exists!
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.
Vulnerability category: Overflow, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2009-0658
- Probability of exploitation activity in the next 30 days: 97.21%
- Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 %
Metasploit modules for CVE-2009-0658
- Adobe JBIG2Decode Memory Corruption
  Disclosure Date: 2009-02-19
  First seen: 2020-04-26
  exploit/windows/fileformat/adobe_jbig2decode
  This module exploits a heap-based pointer corruption flaw in Adobe Reader 9.0.0 and earlier. This module relies upon JavaScript for the heap spray.
  Authors: natron <natron@metasploit.com>, xort, redsand, MC <mc@metasploit.com>, Didier Stevens <didier.steve
- Adobe JBIG2Decode Heap Corruption
  Disclosure Date: 2009-02-19
  First seen: 2020-04-26
  exploit/windows/browser/adobe_jbig2decode
  This module exploits a heap-based pointer corruption flaw in Adobe Reader 9.0.0 and earlier. This module relies upon JavaScript for the heap spray.
  Authors: natron <natron@metasploit.com>, xort, redsand, MC <mc@metasploit.com>, Didier Stevens <didier.stevens
CVSS scores for CVE-2009-0658
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2009-0658
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-0658
- http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html
  Third Party Advisory
- http://www.securityfocus.com/bid/33751
  Third Party Advisory; VDB Entry
- http://www.us-cert.gov/cas/techalerts/TA09-051A.html
  Third Party Advisory; US Government Resource
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48825
  VDB Entry
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5697
  Tool Signature
- http://www.redhat.com/support/errata/RHSA-2009-0376.html
  Third Party Advisory
- http://www.adobe.com/support/security/bulletins/apsb09-04.html
  Adobe - Security Advisories : APSB09-04 - Security Updates available for Adobe Reader and Acrobat
  Vendor Advisory
- http://www.securitytracker.com/id?1021739
  Third Party Advisory; VDB Entry
- http://www.kb.cert.org/vuls/id/905281
  Third Party Advisory; US Government Resource
- http://isc.sans.org/diary.html?n&storyid=5902
  Third Party Advisory
- https://www.exploit-db.com/exploits/8090
  Third Party Advisory; VDB Entry
- http://www.vupen.com/english/advisories/2009/0472
  Third Party Advisory
- http://security.gentoo.org/glsa/glsa-200904-17.xml
  Third Party Advisory
- http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99&tabid=2
  Third Party Advisory
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1
  Third Party Advisory
- http://www.vupen.com/english/advisories/2009/1019
  Third Party Advisory
- https://www.exploit-db.com/exploits/8099
  Third Party Advisory; VDB Entry
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2009:009 - openSUSE Security Announce - openSUSE Mailing Lists
  Third Party Advisory
- http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219
  Third Party Advisory
- http://www.adobe.com/support/security/advisories/apsa09-01.html
  Vendor Advisory
Products affected by CVE-2009-0658
- cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*