ByteOS Network

NVD Vulnerability Details :

CVE-2009-2995

Modified

Source-cve@mitre.org

Published At-19 Oct, 2009 | 22:30

Updated At-30 Oct, 2018 | 16:25

Integer overflow in Adobe Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service via unspecified vectors.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P

CPE Matches

Adobe Inc.

>>acrobat>>Versions up to 9.1.3(inclusive)

cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*

Adobe Inc.

>>acrobat>>7.0

cpe:2.3:a:adobe:acrobat:7.0:*:*:*:*:*:*:*

Adobe Inc.

>>acrobat>>7.0.1

cpe:2.3:a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*

Adobe Inc.

>>acrobat>>7.0.2

cpe:2.3:a:adobe:acrobat:7.0.2:*:*:*:*:*:*:*

Adobe Inc.

>>acrobat>>7.0.3

cpe:2.3:a:adobe:acrobat:7.0.3:*:*:*:*:*:*:*

Adobe Inc.

>>acrobat>>7.0.4

cpe:2.3:a:adobe:acrobat:7.0.4:*:*:*:*:*:*:*

Adobe Inc.

>>acrobat>>7.0.5

cpe:2.3:a:adobe:acrobat:7.0.5:*:*:*:*:*:*:*

Adobe Inc.

>>acrobat>>7.0.6

cpe:2.3:a:adobe:acrobat:7.0.6:*:*:*:*:*:*:*

Adobe Inc.

>>acrobat>>7.0.7

cpe:2.3:a:adobe:acrobat:7.0.7:*:*:*:*:*:*:*

Adobe Inc.

>>acrobat>>7.0.8

cpe:2.3:a:adobe:acrobat:7.0.8:*:*:*:*:*:*:*

Adobe Inc.

>>acrobat>>7.0.9

cpe:2.3:a:adobe:acrobat:7.0.9:*:*:*:*:*:*:*

Adobe Inc.

>>acrobat>>7.1.0

cpe:2.3:a:adobe:acrobat:7.1.0:*:*:*:*:*:*:*

Adobe Inc.

>>acrobat>>7.1.1

cpe:2.3:a:adobe:acrobat:7.1.1:*:*:*:*:*:*:*

Adobe Inc.

>>acrobat>>7.1.3

cpe:2.3:a:adobe:acrobat:7.1.3:*:*:*:*:*:*:*

Adobe Inc.

>>acrobat>>8.0

cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*

Adobe Inc.

>>acrobat>>8.1

cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*

Adobe Inc.

>>acrobat>>8.1.1

cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*

Adobe Inc.

>>acrobat>>8.1.2

cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*

Adobe Inc.

>>acrobat>>8.1.3

cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*

Adobe Inc.

>>acrobat>>8.1.4

cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*

Adobe Inc.

>>acrobat>>8.1.6

cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*

Adobe Inc.

>>acrobat>>9.0

cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*

Adobe Inc.

>>acrobat>>9.1.1

cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*

Adobe Inc.

>>acrobat>>9.1.2

cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-189	Primary	nvd@nist.gov

Evaluator Impact

Per: http://www.adobe.com/support/security/bulletins/apsb09-15.html This update resolves an integer overflow in that leads to a Denial of Service (DoS). This issue is specific to Acrobat and does not affect Adobe Reader. (CVE-2009-2995).

Evaluator Solution

Per: http://www.adobe.com/support/security/bulletins/apsb09-15.html Solution Acrobat Acrobat Standard and Pro users on Windows can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows. Acrobat Pro Extended users on Windows can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows Acrobat 3D users on Windows can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows. Acrobat Pro users on Macintosh can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh.

References

Hyperlink	Source	Resource
http://securitytracker.com/id?1023007	cve@mitre.org	N/A
http://www.adobe.com/support/security/bulletins/apsb09-15.html	cve@mitre.org	Patch Vendor Advisory
http://www.securityfocus.com/bid/36638	cve@mitre.org	N/A
http://www.us-cert.gov/cas/techalerts/TA09-286B.html	cve@mitre.org	Patch US Government Resource
http://www.vupen.com/english/advisories/2009/2898	cve@mitre.org	Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6554	cve@mitre.org	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History