SAINT Corporation, SAINT:5A0E6E7609127A8C7F91D571B6798F3C
History: Feb 27, 2009 - 12:00 a.m.

Adobe Reader JBIG2 image stream buffer overflow

download.saintcorporation.com

CVSS2: 9.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3: 7.8
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 8
Confidence: High

EPSS: 0.972
Percentile: 99.9%

Added: 02/27/2009
CVE: CVE-2009-0658
BID: 33751
OSVDB: 52073

Background

Adobe Acrobat is software for creating PDF documents. Adobe Reader is free software for viewing PDF documents.

Problem

A buffer overflow vulnerability allows command execution when a user opens a PDF file containing a specially crafted JBIG2 image stream.

Resolution

Apply the update referenced in APSA 09-01 when available.

References

http://www.us-cert.gov/cas/techalerts/TA09-051A.html

Limitations

The exploit works on Adobe Reader 8.1.2 and requires a user to open the exploit PDF file in Adobe Reader.

Due to the nature of the vulnerability, the success of this exploit depends on the state of the target system.

Platforms

Windows 2000
