CVE-2009-1061 : Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4,

Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to execute arbitrary code via unknown attack vectors related to JBIG2 and "input validation," a different vulnerability than CVE-2009-0193 and CVE-2009-1062.

Published 2009-03-25 01:30:01

Updated 2018-11-08 20:28:06

Source MITRE

View at NVD, CVE.org

Vulnerability category: Input validationExecute code

Products affected by CVE-2009-1061

Adobe » Acrobat Reader
Versions from including (>=) 8.0 and before (<) 8.1.4
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
Matching versions
Adobe » Acrobat Reader
Versions from including (>=) 9.0 and before (<) 9.1
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
Matching versions
Adobe » Acrobat Reader
Versions from including (>=) 7.0 and before (<) 7.1.1
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2009-1061

EPSS FAQ

12.27%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 93 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2009-1061

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2009-1061

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2009-1061

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html

[security-announce] SUSE Security Announcement: acroread (SUSE-SA:2009:014) - openSUSE Security Announce - openSUSE Mailing Lists
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2009-0376.html

Third Party Advisory

CVEs referencing this url
http://www.adobe.com/support/security/bulletins/apsb09-04.html

Adobe - Security Advisories : APSB09-04 - Security Updates available for Adobe Reader and Acrobat
Patch;Vendor Advisory

CVEs referencing this url
http://www.securitytracker.com/id?1021892

Third Party Advisory;VDB Entry

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-200904-17.xml

Third Party Advisory

CVEs referencing this url
http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1

Broken Link

CVEs referencing this url
http://www.vupen.com/english/advisories/2009/1019

Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html

[security-announce] SUSE Security Summary Report: SUSE-SR:2009:009 - openSUSE Security Announce - openSUSE Mailing Lists
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/34229

Third Party Advisory;VDB Entry

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2009-1061

Products affected by CVE-2009-1061

Exploit prediction scoring system (EPSS) score for CVE-2009-1061

CVSS scores for CVE-2009-1061

CWE ids for CVE-2009-1061

References for CVE-2009-1061