Added: 10/27/2009
CVE: CVE-2009-3459
BID: 36600
OSVDB: 58729
Adobe Reader is free software for viewing PDF documents.
An integer overflow in the FlateDecode filter in Adobe Reader allows command execution when a user opens a PDF file containing specially crafted compressed objects which use the TIFF predictor.
Upgrade to Adobe Reader 9.2 or higher.
<http://www.adobe.com/support/security/bulletins/apsb09-15.html>
<http://www.us-cert.gov/cas/techalerts/TA09-286B.html>
Exploit works on Adobe Reader 9.1 and requires a user to open the exploit file in Adobe Reader.
Due to the nature of the vulnerability, the success of the exploit depends on the state of the target.
Windows