CVE-2009-1062 : Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allo

Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to trigger memory corruption and possibly execute arbitrary code via unknown attack vectors related to JBIG2, a different vulnerability than CVE-2009-0193 and CVE-2009-1061.

Published 2009-03-25 01:30:01

Updated 2018-10-30 16:25:43

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory CorruptionInput validationExecute code

Products affected by CVE-2009-1062

Adobe » Acrobat Reader
Versions up to, including, (<=) 9.0
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
Matching versions
Adobe » Acrobat Reader » Version: 7.0
cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*
Matching versions
Adobe » Acrobat » Professional Edition
Versions up to, including, (<=) 9.0
cpe:2.3:a:adobe:acrobat:*:*:professional:*:*:*:*:*
Matching versions
Adobe » Acrobat » Standard Edition
Versions up to, including, (<=) 9.0
cpe:2.3:a:adobe:acrobat:*:*:standard:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 7.0.1 Standard Edition
cpe:2.3:a:adobe:acrobat:7.0.1:*:standard:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 7.0.2 Professional Edition
cpe:2.3:a:adobe:acrobat:7.0.2:*:professional:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 7.0.5 Standard Edition
cpe:2.3:a:adobe:acrobat:7.0.5:*:standard:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 7.0.6 Professional Edition
cpe:2.3:a:adobe:acrobat:7.0.6:*:professional:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 7.0.3 Standard Edition
cpe:2.3:a:adobe:acrobat:7.0.3:*:standard:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 7.0.4 Professional Edition
cpe:2.3:a:adobe:acrobat:7.0.4:*:professional:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 7.0.7 Standard Edition
cpe:2.3:a:adobe:acrobat:7.0.7:*:standard:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 7.0.8 Professional Edition
cpe:2.3:a:adobe:acrobat:7.0.8:*:professional:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 7.0.8 Standard Edition
cpe:2.3:a:adobe:acrobat:7.0.8:*:standard:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 7.0.2 Standard Edition
cpe:2.3:a:adobe:acrobat:7.0.2:*:standard:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 7.0.3 Professional Edition
cpe:2.3:a:adobe:acrobat:7.0.3:*:professional:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 7.0.6 Standard Edition
cpe:2.3:a:adobe:acrobat:7.0.6:*:standard:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 7.0.7 Professional Edition
cpe:2.3:a:adobe:acrobat:7.0.7:*:professional:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 7.0.1 Professional Edition
cpe:2.3:a:adobe:acrobat:7.0.1:*:professional:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 7.0.4 Standard Edition
cpe:2.3:a:adobe:acrobat:7.0.4:*:standard:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 7.0.5 Professional Edition
cpe:2.3:a:adobe:acrobat:7.0.5:*:professional:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 7.0 Professional Edition
cpe:2.3:a:adobe:acrobat:7.0:*:professional:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 7.0 Standard Edition
cpe:2.3:a:adobe:acrobat:7.0:*:standard:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 8.1.1 Professional Edition
cpe:2.3:a:adobe:acrobat:8.1.1:*:professional:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 7.1.1 Standard Edition
cpe:2.3:a:adobe:acrobat:7.1.1:*:standard:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 8.1.2 Update Security Update Professional Edition
cpe:2.3:a:adobe:acrobat:8.1.2:security_update:professional:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 8.1.4 Standard Edition
cpe:2.3:a:adobe:acrobat:8.1.4:*:standard:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 8.1 Standard Edition
cpe:2.3:a:adobe:acrobat:8.1:*:standard:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 8.0 Standard Edition
cpe:2.3:a:adobe:acrobat:8.0:*:standard:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 8.1.3 Professional Edition
cpe:2.3:a:adobe:acrobat:8.1.3:*:professional:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 8.1.4 Professional Edition
cpe:2.3:a:adobe:acrobat:8.1.4:*:professional:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 8.1.3 Standard Edition
cpe:2.3:a:adobe:acrobat:8.1.3:*:standard:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 8.1.2 Standard Edition
cpe:2.3:a:adobe:acrobat:8.1.2:*:standard:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 8.1.1 Standard Edition
cpe:2.3:a:adobe:acrobat:8.1.1:*:standard:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 7.0.9 Professional Edition
cpe:2.3:a:adobe:acrobat:7.0.9:*:professional:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 7.1 Professional Edition
cpe:2.3:a:adobe:acrobat:7.1:*:professional:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 7.1 Standard Edition
cpe:2.3:a:adobe:acrobat:7.1:*:standard:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 8.0 Professional Edition
cpe:2.3:a:adobe:acrobat:8.0:*:professional:*:*:*:*:*
Matching versions
Adobe » Acrobat » Version: 8.1.2 Professional Edition
cpe:2.3:a:adobe:acrobat:8.1.2:*:professional:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 5.0.10
cpe:2.3:a:adobe:reader:5.0.10:*:*:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 5.0.5
cpe:2.3:a:adobe:reader:5.0.5:*:*:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 6.0.5
cpe:2.3:a:adobe:reader:6.0.5:*:*:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 6.0.4
cpe:2.3:a:adobe:reader:6.0.4:*:*:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 7.0.5
cpe:2.3:a:adobe:reader:7.0.5:*:*:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 7.0.3
cpe:2.3:a:adobe:reader:7.0.3:*:*:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 4.0.5a
cpe:2.3:a:adobe:reader:4.0.5a:*:*:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 4.0.5c
cpe:2.3:a:adobe:reader:4.0.5c:*:*:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 4.5
cpe:2.3:a:adobe:reader:4.5:*:*:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 5.0.7
cpe:2.3:a:adobe:reader:5.0.7:*:*:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 5.0.11
cpe:2.3:a:adobe:reader:5.0.11:*:*:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 6.0.3
cpe:2.3:a:adobe:reader:6.0.3:*:*:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 6.0.1
cpe:2.3:a:adobe:reader:6.0.1:*:*:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 7.0.8
cpe:2.3:a:adobe:reader:7.0.8:*:*:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 8.1.2
cpe:2.3:a:adobe:reader:8.1.2:*:*:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 7.1.1
cpe:2.3:a:adobe:reader:7.1.1:*:*:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 4.0
cpe:2.3:a:adobe:reader:4.0:*:*:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 6.0
cpe:2.3:a:adobe:reader:6.0:*:*:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 5.1
cpe:2.3:a:adobe:reader:5.1:*:*:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 7.0.2
cpe:2.3:a:adobe:reader:7.0.2:*:*:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 8.1.1
cpe:2.3:a:adobe:reader:8.1.1:*:*:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 7.1.0
cpe:2.3:a:adobe:reader:7.1.0:*:*:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 8.1.4
cpe:2.3:a:adobe:reader:8.1.4:*:*:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 4.0.5
cpe:2.3:a:adobe:reader:4.0.5:*:*:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 5.0.9
cpe:2.3:a:adobe:reader:5.0.9:*:*:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 5.0.6
cpe:2.3:a:adobe:reader:5.0.6:*:*:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 6.0.2
cpe:2.3:a:adobe:reader:6.0.2:*:*:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 7.0.1
cpe:2.3:a:adobe:reader:7.0.1:*:*:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 7.0.9
cpe:2.3:a:adobe:reader:7.0.9:*:*:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 7.0.7
cpe:2.3:a:adobe:reader:7.0.7:*:*:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 5.0
cpe:2.3:a:adobe:reader:5.0:*:*:*:*:*:*:*
Matching versions
Adobe » Reader » Version: 3.0
cpe:2.3:a:adobe:reader:3.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2009-1062

EPSS FAQ

8.61%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 92 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2009-1062

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2009-1062

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2009-1062

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html

[security-announce] SUSE Security Announcement: acroread (SUSE-SA:2009:014) - openSUSE Security Announce - openSUSE Mailing Lists

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2009-0376.html

CVEs referencing this url
http://www.adobe.com/support/security/bulletins/apsb09-04.html

Adobe - Security Advisories : APSB09-04 - Security Updates available for Adobe Reader and Acrobat
Patch;Vendor Advisory

CVEs referencing this url
http://www.securitytracker.com/id?1021892

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-200904-17.xml

CVEs referencing this url
http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1

CVEs referencing this url
http://www.vupen.com/english/advisories/2009/1019

Vendor Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html

[security-announce] SUSE Security Summary Report: SUSE-SR:2009:009 - openSUSE Security Announce - openSUSE Mailing Lists

CVEs referencing this url
http://www.securityfocus.com/bid/34229

Patch

CVEs referencing this url
http://www.ivizsecurity.com/security-advisory-iviz-sr-09001.html

Patch

Jump to

Vulnerability Details : CVE-2009-1062

Products affected by CVE-2009-1062

Exploit prediction scoring system (EPSS) score for CVE-2009-1062

CVSS scores for CVE-2009-1062

CWE ids for CVE-2009-1062

References for CVE-2009-1062