SAINT CorporationSAINT:CC6B2FA9FE7E2F8E008BA63A7C408CDCAdobe Reader JBIG2 image stream buffer overflow
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%
Added: 02/27/2009
CVE: CVE-2009-0658
BID: 33751
OSVDB: 52073
Background
Adobe Acrobat is software for creating PDF documents. Adobe Reader is free software for viewing PDF documents.
Problem
A buffer overflow vulnerability allows command execution when a user opens a PDF file containing a specially crafted JBIG2 image stream.
Resolution
Apply the update referenced in APSA 09-01 when available.
References
<http://www.us-cert.gov/cas/techalerts/TA09-051A.html>
Limitations
Exploit works on Adobe Reader 8.1.2 and requires a user to open the exploit PDF file in Adobe Reader.
Due to the nature of the vulnerability, the success of this exploit depends on the state of the target system.
Platforms
Windows 2000
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%