Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:700D143F0F7B3682B84E3794D485E77B
HistoryOct 27, 2009 - 12:00 a.m.

Adobe Reader FlateDecode filter TIFF Predictor integer overflow

2009-10-2700:00:00
SAINT Corporation
download.saintcorporation.com
8

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.969 High

EPSS

Percentile

99.7%

JSON

Added: 10/27/2009
CVE: CVE-2009-3459
BID: 36600
OSVDB: 58729

Background

Adobe Reader is free software for viewing PDF documents.

Problem

An integer overflow in the FlateDecode filter in Adobe Reader allows command execution when a user opens a PDF file containing specially crafted compressed objects which use the TIFF predictor.

Resolution

Upgrade to Adobe Reader 9.2 or higher.

References

<http://www.adobe.com/support/security/bulletins/apsb09-15.html&gt;
<http://www.us-cert.gov/cas/techalerts/TA09-286B.html&gt;

Limitations

Exploit works on Adobe Reader 9.1 and requires a user to open the exploit file in Adobe Reader.

Due to the nature of the vulnerability, the success of the exploit depends on the state of the target.

Platforms

Windows

Related

saint 3
packetstorm 2
checkpoint_advisories 1
securityvulns 2
ubuntucve 1
cve 1
prion 1
seebug 2
redhat 1
nessus 13
openvas 8
gentoo 1
suse 1
saint
saint
Adobe Reader FlateDecode filter TIFF Predictor integer overflow
2009-10-27 00:00:00
Adobe Reader FlateDecode filter TIFF Predictor integer overflow
2009-10-27 00:00:00
Adobe Reader FlateDecode filter TIFF Predictor integer overflow
2009-10-27 00:00:00
packetstorm
packetstorm
Adobe FlateDecode Stream Predictor 02 Integer Overflow
2009-12-31 00:00:00
Adobe FlateDecode Stream Predictor 02 Integer Overflow
2009-12-31 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Acrobat and Adobe Reader Deflate Parameter Integer Overflow (CVE-2009-3459)
2014-12-17 00:00:00
securityvulns
securityvulns
In-depth research on the recent PDF zero-day exploit &#40;CVE-2009-3459&#41;
2009-10-19 00:00:00
Adobe Acrobat / Reader multiple security vulnerabilities
2009-10-19 00:00:00
ubuntucve
ubuntucve
CVE-2009-3459
2009-10-13 00:00:00
cve
cve
CVE-2009-3459
2009-10-13 10:30:00
prion
prion
Heap overflow
2009-10-13 10:30:00
seebug
seebug
Adobe Acrobat ReaderθΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž
2009-10-09 00:00:00
Adobe Reader: Multiple vulnerabilities
2009-10-27 00:00:00
redhat
redhat
(RHSA-2009:1499) Critical: acroread security update
2009-10-14 00:00:00
nessus
nessus
RHEL 3 / 4 / 5 : acroread (RHSA-2009:1499)
2009-10-15 00:00:00
GLSA-200910-03 : Adobe Reader: Multiple vulnerabilities
2009-10-26 00:00:00
openSUSE 10 Security Update : acroread (acroread-6588)
2009-10-30 00:00:00
openvas
openvas
RedHat Security Advisory RHSA-2009:1499
2009-10-19 00:00:00
RedHat Security Advisory RHSA-2009:1499
2009-10-19 00:00:00
Gentoo Security Advisory GLSA 200910-03 (acroread)
2009-10-27 00:00:00
gentoo
gentoo
Adobe Reader: Multiple vulnerabilities
2009-10-25 00:00:00
suse
suse
remote code execution in acroread, acroread_ja
2009-10-26 13:17:31

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.969 High

EPSS

Percentile

99.7%

JSON
Related for SAINT:700D143F0F7B3682B84E3794D485E77B
saint3packetstorm2checkpoint_advisories1securityvulns2ubuntucve1cve1prion1seebug2redhat1nessus13openvas8gentoo1suse1