Test ID:	1.3.6.1.4.1.25623.1.0.800701
Category:	Denial of Service
Title:	Adobe Reader Denial of Service Vulnerability (May 2009)
Summary:	Adobe Reader is prone to a denial of service (DoS) vulnerability.
Description:	Summary: Adobe Reader is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: These flaws are due to a memory corruption errors in 'customDictionaryOpen' and 'getAnnots' methods in the JavaScript API while processing malicious PDF files with a long string in the second argument. Vulnerability Impact: Successful exploitation will let the attacker cause memory corruption or denial of service. Affected Software/OS: Adobe Reader version 9.1 and prior on Linux. Solution: Upgrade Adobe Reader version 9.3.2 or later. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1493 BugTraq ID: 34740 http://www.securityfocus.com/bid/34740 Cert/CC Advisory: TA09-133B http://www.us-cert.gov/cas/techalerts/TA09-133B.html CERT/CC vulnerability note: VU#970180 http://www.kb.cert.org/vuls/id/970180 https://www.exploit-db.com/exploits/8570 http://security.gentoo.org/glsa/glsa-200907-06.xml http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt http://osvdb.org/54129 http://www.redhat.com/support/errata/RHSA-2009-0478.html http://www.securitytracker.com/id?1022139 http://secunia.com/advisories/34924 http://secunia.com/advisories/35055 http://secunia.com/advisories/35096 http://secunia.com/advisories/35152 http://secunia.com/advisories/35358 http://secunia.com/advisories/35416 http://secunia.com/advisories/35734 http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1 SuSE Security Announcement: SUSE-SA:2009:027 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html SuSE Security Announcement: SUSE-SR:2009:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://www.vupen.com/english/advisories/2009/1189 http://www.vupen.com/english/advisories/2009/1317 XForce ISS Database: reader-spellcustom-code-execution(50146) https://exchange.xforce.ibmcloud.com/vulnerabilities/50146 Common Vulnerability Exposure (CVE) ID: CVE-2009-1492 BugTraq ID: 34736 http://www.securityfocus.com/bid/34736 https://www.exploit-db.com/exploits/8569 http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html http://packetstorm.linuxsecurity.com/0904-exploits/getannots.txt http://osvdb.org/54130 XForce ISS Database: reader-getannots-code-execution(50145) https://exchange.xforce.ibmcloud.com/vulnerabilities/50145
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.