返回 CVE 浏览器

CVE-2009-0927

Known Exploited (CISA KEV)HIGH

8.8

CVSS Severity Score

EPSS Score54.9120%

EPSS Percentile93.14th

Published2009年3月19日

Last Modified2026年4月22日

Vulnerability Description

Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.

Affected Platforms (CPE)

📦

Adobe

Acrobat Reader

>= 7.0 and < 7.1.1

📦

Adobe

Acrobat Reader

>= 8.0 and < 8.1.3

📦

Adobe

Acrobat Reader

>= 9.0 and < 9.1

References & Advisories

🔗 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html

🔗 http://secunia.com/advisories/34490

🔗 http://secunia.com/advisories/34706

🔗 http://secunia.com/advisories/34790

🔗 http://security.gentoo.org/glsa/glsa-200904-17.xml

🔗 http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1

🔗 http://www.adobe.com/support/security/bulletins/apsb09-04.html

相关漏洞威胁

CVE-2004-063110.0

Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions...

CVE-2004-115210.0

Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader 5.09 for Unix allows remote attackers to execute arbitrary c...

CVE-2004-063010.0

The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those bef...

CVE-2004-115310.0

Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (appl...