Test ID: 1.3.6.1.4.1.25623.1.0.800706
Category: Denial of Service
Title: Adobe Reader/Acrobat Denial of Service Vulnerability (May 2009)
Summary: Adobe Reader/Acrobat is prone to a denial of service (DoS) vulnerability.
Description:

Vulnerability Insight:
The flaw is due to a memory corruption error in the 'getAnnots' method of the
JavaScript API when processing malicious PDF files that call this vulnerable
method with crafted integer arguments.

Vulnerability Impact:
Successful exploitation will let an attacker cause memory corruption or
denial of service.

Affected Software/OS:
Adobe Reader/Acrobat version 9.1 and prior on Windows.

Solution:
Upgrade to Adobe Reader/Acrobat version 9.3.2 or later.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerabilities and Exposures (CVE) ID: CVE-2009-1492
BugTraq ID: 34736
http://www.securityfocus.com/bid/34736
Cert/CC Advisory: TA09-133B
http://www.us-cert.gov/cas/techalerts/TA09-133B.html
CERT/CC vulnerability note: VU#970180
http://www.kb.cert.org/vuls/id/970180
https://www.exploit-db.com/exploits/8569
http://security.gentoo.org/glsa/glsa-200907-06.xml
http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html
http://packetstorm.linuxsecurity.com/0904-exploits/getannots.txt
http://osvdb.org/54130
http://www.redhat.com/support/errata/RHSA-2009-0478.html
http://www.securitytracker.com/id?1022139
http://secunia.com/advisories/34924
http://secunia.com/advisories/35055
http://secunia.com/advisories/35096
http://secunia.com/advisories/35152
http://secunia.com/advisories/35358
http://secunia.com/advisories/35416
http://secunia.com/advisories/35734
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1
SuSE Security Announcement: SUSE-SA:2009:027
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html
SuSE Security Announcement: SUSE-SR:2009:011
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
http://www.vupen.com/english/advisories/2009/1189
http://www.vupen.com/english/advisories/2009/1317
XForce ISS Database: reader-getannots-code-execution(50145)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50145
Copyright: Copyright (C) 2009 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.