Lucene search

[email protected]CVE-2009-4764

HistoryApr 05, 2010 - 3:30 p.m.

CVE-2009-4764

2010-04-0515:30:00

CWE-94

[email protected]

web.nvd.nist.gov

adobe

reader

windows

exe

pdf

remote attack

arbitrary code

crafted document

cve-2009-4764

nvd

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.023 Low

EPSS

Percentile

89.7%

JSON

Adobe Reader 8.x and 9.x on Windows is able to execute EXE files that are embedded in a PDF document, which makes it easier for remote attackers to trick users into executing arbitrary code via a crafted document.

CPENameOperatorVersion
adobe:acrobat_readeradobe acrobat readereq8.0
adobe:acrobat_readeradobe acrobat readereq8.1
adobe:acrobat_readeradobe acrobat readereq8.1.1
adobe:acrobat_readeradobe acrobat readereq8.1.2
adobe:acrobat_readeradobe acrobat readereq8.1.4
adobe:acrobat_readeradobe acrobat readereq8.1.5
adobe:acrobat_readeradobe acrobat readereq8.1.6
adobe:acrobat_readeradobe acrobat readereq8.1.7
adobe:acrobat_readeradobe acrobat readereq9.0
adobe:acrobat_readeradobe acrobat readereq9.1

CPE	Name	Operator	Version
adobe:acrobat_reader	adobe acrobat reader	eq	8.0
adobe:acrobat_reader	adobe acrobat reader	eq	8.1
adobe:acrobat_reader	adobe acrobat reader	eq	8.1.1
adobe:acrobat_reader	adobe acrobat reader	eq	8.1.2
adobe:acrobat_reader	adobe acrobat reader	eq	8.1.4
adobe:acrobat_reader	adobe acrobat reader	eq	8.1.5
adobe:acrobat_reader	adobe acrobat reader	eq	8.1.6
adobe:acrobat_reader	adobe acrobat reader	eq	8.1.7
adobe:acrobat_reader	adobe acrobat reader	eq	9.0
adobe:acrobat_reader	adobe acrobat reader	eq	9.1

Rows per page:

1-10 of 151

References

lists.immunitysec.com/pipermail/dailydave/2010-April/006072.html

lists.immunitysec.com/pipermail/dailydave/2010-April/006074.html

www.metasploit.com/redmine/projects/framework/repository/revisions/8379/changes/modules/exploits/windows/fileformat/adobe_pdf_embedded_exe.rb

exchange.xforce.ibmcloud.com/vulnerabilities/57994

forum.immunityinc.com/board/thread/1199/exploiting-pdf-files-without-vulnerabili/?page=1#post-1199

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6976

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.023 Low

EPSS

Percentile

89.7%

JSON

Related for CVE-2009-4764

cvelist1 openvas1 prion1