CVE-2009-0927
high-risk
Published 2009-03-19
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3, and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.
Do I need to act?
93.3% chance of exploitation in next 30 days
EPSS score — higher than 7% of all CVEs
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 8.8/10
High
NETWORK / LOW complexity
Affected Products (1)
Affected Vendors
References (33)
Third Party Advisory: http://secunia.com/advisories/34490
Third Party Advisory: http://secunia.com/advisories/34706
Third Party Advisory: http://secunia.com/advisories/34790
Third Party Advisory: http://security.gentoo.org/glsa/glsa-200904-17.xml
Third Party Advisory: http://www.exploit-db.com/exploits/9579
Third Party Advisory: http://www.securityfocus.com/archive/1/502116/100/0/threaded
Third Party Advisory: http://www.securityfocus.com/bid/34169
Third Party Advisory: http://www.securitytracker.com/id?1021861
Third Party Advisory: http://www.vupen.com/english/advisories/2009/0770
Third Party Advisory: http://www.vupen.com/english/advisories/2009/1019
Third Party Advisory: http://www.zerodayinitiative.com/advisories/ZDI-09-014
Third Party Advisory: https://exchange.xforce.ibmcloud.com/vulnerabilities/49312
and 13 more references
69 / 100
high-risk
Severity
30/34 · Critical
Exploitability
34/34 · Critical
Exposure
5/34 · Minimal