Back to KEVs

CVE-2009-0658

Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF...

Basic Information

CVE State
PUBLISHED
Reserved Date
February 20, 2009
Published Date
February 20, 2009
Last Updated
August 07, 2024
Vendor
Adobe
Product
Reader
Description
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.

CVSS Scores

CVSS v3.1

7.8 - HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2.0

9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploit Status

Exploited in the Wild
Yes (2009-02-20 19:00:00 UTC) Source

References

http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219 http://secunia.com/advisories/34790 http://www.adobe.com/support/security/bulletins/apsb09-04.html https://www.exploit-db.com/exploits/8099 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5697 http://isc.sans.org/diary.html?n&storyid=5902 http://www.us-cert.gov/cas/techalerts/TA09-051A.html http://www.adobe.com/support/security/advisories/apsa09-01.html http://osvdb.org/52073 http://secunia.com/advisories/34490 http://secunia.com/advisories/33901 http://www.redhat.com/support/errata/RHSA-2009-0376.html http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99&tabid=2 http://secunia.com/advisories/34392 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html http://secunia.com/advisories/34706 http://www.vupen.com/english/advisories/2009/0472 http://www.kb.cert.org/vuls/id/905281 http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1 http://www.securityfocus.com/bid/33751 https://exchange.xforce.ibmcloud.com/vulnerabilities/48825 http://www.securitytracker.com/id?1021739 https://www.exploit-db.com/exploits/8090 http://security.gentoo.org/glsa/glsa-200904-17.xml http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://www.vupen.com/english/advisories/2009/1019

Known Exploited Vulnerability Information

Source Added Date
CVE 2009-02-20 19:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel