CVE-2009-2985
Adobe Reader Compact Font Format Malformed Index Memory Corruption Vulnerability
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2996.
Adobe Reader y Acrobat v7.x anteriores a v7.1.4, v8.x anteriores a v8.1.7 y v9.x anteriores a v9.2 permite a atacantes provocar una denegación de servicio (consumo de memoria) o probablemente ejecutar código de su elección mediante vectores no especificados, siendo una vulnerabilidad diferente a CVE-2009-2996.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists when the application parses a PDF file containing a malformed Compact Font Format stream. While decoding the font embedded in this stream, the application will explicitly trust a 16-bit value used to index into an array of elements. Usage of the object later will cause heap corruption which can be leveraged to achieve code execution under the context of the current user.
*Credits:
Anonymous
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-08-27 CVE Reserved
- 2009-10-13 CVE Published
- 2024-07-09 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://securitytracker.com/id?1023007 | Vdb Entry | |
| http://www.securityfocus.com/bid/36638 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6145 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.adobe.com/support/security/bulletins/apsb09-15.html | 2018-10-30 | |
| http://www.us-cert.gov/cas/techalerts/TA09-286B.html | 2018-10-30 | |
| http://www.vupen.com/english/advisories/2009/2898 | 2018-10-30 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2009-2985 | 2009-10-14 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=528659 | 2009-10-14 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | <= 9.1.3 Search vendor "Adobe" for product "Acrobat" and version " <= 9.1.3" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0 Search vendor "Adobe" for product "Acrobat" and version "7.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.1 Search vendor "Adobe" for product "Acrobat" and version "7.0.1" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.2 Search vendor "Adobe" for product "Acrobat" and version "7.0.2" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.3 Search vendor "Adobe" for product "Acrobat" and version "7.0.3" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.4 Search vendor "Adobe" for product "Acrobat" and version "7.0.4" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.5 Search vendor "Adobe" for product "Acrobat" and version "7.0.5" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.6 Search vendor "Adobe" for product "Acrobat" and version "7.0.6" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.7 Search vendor "Adobe" for product "Acrobat" and version "7.0.7" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.8 Search vendor "Adobe" for product "Acrobat" and version "7.0.8" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.9 Search vendor "Adobe" for product "Acrobat" and version "7.0.9" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.1.0 Search vendor "Adobe" for product "Acrobat" and version "7.1.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.1.1 Search vendor "Adobe" for product "Acrobat" and version "7.1.1" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.1.3 Search vendor "Adobe" for product "Acrobat" and version "7.1.3" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 8.0 Search vendor "Adobe" for product "Acrobat" and version "8.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 8.1 Search vendor "Adobe" for product "Acrobat" and version "8.1" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 8.1.1 Search vendor "Adobe" for product "Acrobat" and version "8.1.1" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 8.1.2 Search vendor "Adobe" for product "Acrobat" and version "8.1.2" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 8.1.3 Search vendor "Adobe" for product "Acrobat" and version "8.1.3" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 8.1.4 Search vendor "Adobe" for product "Acrobat" and version "8.1.4" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 8.1.6 Search vendor "Adobe" for product "Acrobat" and version "8.1.6" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 9.0 Search vendor "Adobe" for product "Acrobat" and version "9.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 9.1.1 Search vendor "Adobe" for product "Acrobat" and version "9.1.1" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 9.1.2 Search vendor "Adobe" for product "Acrobat" and version "9.1.2" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | <= 9.1.3 Search vendor "Adobe" for product "Acrobat Reader" and version " <= 9.1.3" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.0 Search vendor "Adobe" for product "Acrobat Reader" and version "7.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.0.1 Search vendor "Adobe" for product "Acrobat Reader" and version "7.0.1" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.0.2 Search vendor "Adobe" for product "Acrobat Reader" and version "7.0.2" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.0.3 Search vendor "Adobe" for product "Acrobat Reader" and version "7.0.3" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.0.4 Search vendor "Adobe" for product "Acrobat Reader" and version "7.0.4" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.0.5 Search vendor "Adobe" for product "Acrobat Reader" and version "7.0.5" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.0.6 Search vendor "Adobe" for product "Acrobat Reader" and version "7.0.6" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.0.7 Search vendor "Adobe" for product "Acrobat Reader" and version "7.0.7" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.0.8 Search vendor "Adobe" for product "Acrobat Reader" and version "7.0.8" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.0.9 Search vendor "Adobe" for product "Acrobat Reader" and version "7.0.9" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.1.0 Search vendor "Adobe" for product "Acrobat Reader" and version "7.1.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.1.1 Search vendor "Adobe" for product "Acrobat Reader" and version "7.1.1" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.1.3 Search vendor "Adobe" for product "Acrobat Reader" and version "7.1.3" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 8.0 Search vendor "Adobe" for product "Acrobat Reader" and version "8.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 8.1 Search vendor "Adobe" for product "Acrobat Reader" and version "8.1" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 8.1.1 Search vendor "Adobe" for product "Acrobat Reader" and version "8.1.1" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 8.1.2 Search vendor "Adobe" for product "Acrobat Reader" and version "8.1.2" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 8.1.3 Search vendor "Adobe" for product "Acrobat Reader" and version "8.1.3" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 8.1.4 Search vendor "Adobe" for product "Acrobat Reader" and version "8.1.4" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 8.1.5 Search vendor "Adobe" for product "Acrobat Reader" and version "8.1.5" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 8.1.6 Search vendor "Adobe" for product "Acrobat Reader" and version "8.1.6" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 9.0 Search vendor "Adobe" for product "Acrobat Reader" and version "9.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 9.1 Search vendor "Adobe" for product "Acrobat Reader" and version "9.1" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 9.1.1 Search vendor "Adobe" for product "Acrobat Reader" and version "9.1.1" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 9.1.2 Search vendor "Adobe" for product "Acrobat Reader" and version "9.1.2" | - |
Affected
| ||||||