Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2009-3954 (GCVE-0-2009-3954)
Vulnerability from cvelistv5 – Published: 2010-01-13 19:00 – Updated: 2024-08-07 06:45
VLAI
EPSS
Summary
The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/38138 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.adobe.com/support/security/bulletins/a… | x_refsource_CONFIRM |
| http://www.redhat.com/support/errata/RHSA-2010-00… | vendor-advisoryx_refsource_REDHAT |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.vupen.com/english/advisories/2010/0103 | vdb-entryx_refsource_VUPEN |
| http://www.securitytracker.com/id?1023446 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/37761 | vdb-entryx_refsource_BID |
| https://bugzilla.redhat.com/show_bug.cgi?id=554293 | x_refsource_CONFIRM |
| http://secunia.com/advisories/38215 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.us-cert.gov/cas/techalerts/TA10-013A.html | third-party-advisoryx_refsource_CERT |
Date Public
2010-01-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:45:50.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38138",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38138"
},
{
"name": "acrobat-reader-3d-code-execution(55552)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55552"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"
},
{
"name": "RHSA-2010:0060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html"
},
{
"name": "oval:org.mitre.oval:def:8528",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8528"
},
{
"name": "ADV-2010-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0103"
},
{
"name": "1023446",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023446"
},
{
"name": "37761",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37761"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"name": "38215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38215"
},
{
"name": "SUSE-SA:2010:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"name": "TA10-013A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a \"DLL-loading vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "38138",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38138"
},
{
"name": "acrobat-reader-3d-code-execution(55552)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55552"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"
},
{
"name": "RHSA-2010:0060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html"
},
{
"name": "oval:org.mitre.oval:def:8528",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8528"
},
{
"name": "ADV-2010-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0103"
},
{
"name": "1023446",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023446"
},
{
"name": "37761",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37761"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"name": "38215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38215"
},
{
"name": "SUSE-SA:2010:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"name": "TA10-013A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2009-3954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a \"DLL-loading vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38138",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38138"
},
{
"name": "acrobat-reader-3d-code-execution(55552)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55552"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-02.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"
},
{
"name": "RHSA-2010:0060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html"
},
{
"name": "oval:org.mitre.oval:def:8528",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8528"
},
{
"name": "ADV-2010-0103",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0103"
},
{
"name": "1023446",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023446"
},
{
"name": "37761",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37761"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=554293",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"name": "38215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38215"
},
{
"name": "SUSE-SA:2010:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"name": "TA10-013A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2009-3954",
"datePublished": "2010-01-13T19:00:00.000Z",
"dateReserved": "2009-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:45:50.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2009-3954",
"date": "2026-05-29",
"epss": "0.06276",
"percentile": "0.91061"
},
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"9.2\", \"matchCriteriaId\": \"C42D46A5-DB0B-48EF-8587-C2CEDAA14A4A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"465F9134-DD86-4F13-8C39-949BE6E7389A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB041EDF-EFF8-4AA6-8D59-411975547534\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C05F6A5-0FB3-489B-9B8B-64C569C03D7A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:4.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AABA4FE3-662B-4956-904D-45086E000890\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:4.0.5a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"998CD79C-458E-46A8-8261-1C40C53D9FA5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:4.0.5c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0155FB0B-7FAD-4388-96C8-A8543B4FDFD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"201F059D-33D1-4D9F-9C6F-FC8EB49E4735\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:5.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B025E795-5713-485E-8A15-EBE4451A1A46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:5.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B453FA1D-0FE9-4324-9644-E167561926C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:5.0.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FDEA946E-B6D2-463B-89D0-F2F37278089E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"183B5940-2310-4D2E-99F0-9792A801A442\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:6.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F8BB13E-2732-4F9E-A588-EA1C00893C8B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:6.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5FCDCBF-597B-439C-8D8B-2819FC70C567\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:6.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"440B890A-90E9-4456-B92A-856CD17F0C78\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:6.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"79BD9D8D-39DA-403E-915D-E1B6A46A6BAB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:6.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8976A7DC-1314-4C4A-A7C5-AA789D2DAB9C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:6.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"37854E7C-2166-48D7-AE8C-44C9468C38C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FECFC942-4F04-420C-A9B4-AE0C0590317F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F81817F2-1E3A-4A52-88F1-6B614A2A1F0A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:7.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CFFFFF0D-A80F-4B67-BEE2-86868EF7AA37\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:7.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DC97A87-2652-4AD6-8E10-419A9AC9C245\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:7.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E1F71AE-3591-499E-B09F-AAC4E38F1CF2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:7.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D75174C-EBF9-4117-9E66-80E847012853\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:7.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"69B0305A-51D3-4E09-B96C-54B0ED921DA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:7.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9762FE57-837B-4FFA-9813-AC038450EB2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:7.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0055A38C-E421-40A1-8BC7-11856A20B8F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:7.0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"758CC9EE-8929-405B-A845-83BAAECCB2AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:7.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24A7CF98-27EC-406A-98E2-ACC1AAAF5C93\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:7.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC1BD70D-7A92-4309-A40C-9BD500997390\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:7.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9C17896-8895-4731-B77A-F488A94F0CBD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:7.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21AC1961-12F7-456F-9CE4-9AAF116CF141\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:7.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF9F1050-B6BE-4B99-882B-36D6E187304D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"26AE76F7-D7F6-4AF2-A5C6-708B5642C288\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"749FFB51-65D4-4A4B-95F3-742440276897\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C8665E53-EC1E-4B95-9064-2565BC12113E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24218FDA-F9DA-465A-B5D5-76A55C7EE04E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E2C5F1C5-85CD-47B9-897F-E51D6902AF72\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0E190FF-3EBC-44AB-8072-4D964E843E8A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:8.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6A624D44-C135-4ED3-9BA4-F4F8A044850B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B95C0A99-42E4-40A9-BF61-507E4E4DC052\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:8.1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B9F55CC-3681-4A67-99D1-3F40447392D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5AA53564-9ACD-4CFB-9AAC-A77440026A57\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7EC46E3-77B7-4455-B3E0-A45C6B69B3DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F475858-DCE2-4C93-A51A-04718DF17593\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88687272-4CD0-42A2-B727-C322ABDE3549\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E5C4FA4-3786-47AF-BD7D-8E75927EB3AA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0FF5999A-9D12-4CDD-8DE9-A89C10B2D574\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"9.2\", \"matchCriteriaId\": \"E7BDB18D-A53C-4252-B2ED-42E6F3609277\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1C92642-7C8D-411A-8726-06A8A6483D65\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:3.01:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3CBE2E6C-AF0E-4A77-9EB0-3593889BC676\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:3.02:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B5C5C14-383C-4630-858E-D40D6C32FD4B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F509566A-6D4A-40C0-8A16-F8765C5DCAAF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:4.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"707D7124-6063-4510-80B4-AD9675996F67\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:4.0.5a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"200FFAE3-CC1C-4A11-99AD-377D54A67195\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:4.0.5c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A990E86-07C0-49E2-92D6-55E499F30FAE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:4.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6AED985D-60D7-489E-9F1E-CE3C9D985B7A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F0FCA2F-FD7F-4CE5-9D45-324A7EC45105\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:5.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF7EAA22-CED2-4379-9465-9562BACB1C20\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:5.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"35B1CA6B-600C-4E03-B4D5-3D7E1BC4D0F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:5.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7AA1BA3-9FFA-46AB-A92A-7247D5F7EA06\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:5.0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F5F7424-1E19-4078-8908-CD86A0185042\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:5.0.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2402B40-6B72-48B5-A376-DA8D16CA43FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:5.0.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D968113-340A-4E5A-B4FD-D9702D49E3DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ACF742B8-5F7A-487B-835C-756B1BB392F4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C0BB7C0C-B1D6-4733-BA91-022A1A7FB2E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B131DB8-4B6A-4AF2-8D5E-B5EA1AEBFB3B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B9351C2-16ED-4766-B417-8DB3A8766C2F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74667860-0047-40AD-9468-860591BA9D17\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:6.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5DEA092A-5532-4DCC-B43D-7A8ECF07FA4C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:6.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9628AFF9-6EE1-4E85-858F-AE96EE64B7F4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E2D0266-6954-4DBA-9EEE-8BF73B39DD61\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24262AFA-2EC8-479E-8922-36DB4243E404\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1E62096-08B2-4722-A492-11E9A441E85B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5370AC6-90EE-48EA-8DBD-54002B102F7C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C36D10A8-D211-437D-98D8-9029D0A9CF8B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA55D00C-3629-48E4-8699-F62B8D703E02\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0EE5E1B7-7B91-4AE1-92AA-4F1763E1BA1E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"623324C2-C8B5-4C3C-9C10-9677D5A6740A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8EAF5E3-F3B4-4AD3-B5F1-281AB0F9C57F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:7.0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"634396D6-4ED6-4F4D-9458-396373489589\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:7.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A265869-EF58-428E-B8BB-30CABCBE0A83\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:7.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ADB421CD-85DE-4495-93B7-46708449AE27\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:7.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"32049561-270C-4B18-9E96-EA0F66ACECAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:7.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5491D310-E1C0-4FCB-9DCA-97CA1F95D4BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"996EB48E-D2A8-49E4-915A-EBDE26A9FB94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97E20936-EE31-4CEB-A710-3165A28BAD69\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5BD9952C-A1D0-4DFB-A292-9B86D7EAE5FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5BEA847-A71E-4336-AB67-B3C38847C1C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"39F6994B-6969-485B-9286-2592B11A47BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC533775-B52E-43F0-BF19-1473BE36232D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"18D1C85E-42CC-46F2-A7B6-DAC3C3995330\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:8.1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4670451-511E-496C-A78A-887366E1E992\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"562772F1-1627-438E-A6B8-7D1AA5536086\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"27D5AF92-A8E1-41BD-B20A-EB26BB6AD4DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F25C9167-C6D4-4264-9197-50878EDA2D96\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD1D7308-09E9-42B2-8836-DC2326C62A9E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5C251D2-4C9B-4029-8BED-0FCAED3B8E89\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0FF5999A-9D12-4CDD-8DE9-A89C10B2D574\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:unix:unix:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7A7C398-5356-45D6-AA5C-53E63BC88DCA\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a \\\"DLL-loading vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"La implementaci\\u00f3n 3D en Adobe Reader y Acrobat v9.x anterior a v9.3, y v8.x anterior a v8.2 sobre Windows y Mac OS X, podr\\u00eda permitir a atacantes ejecutar c\\u00f3digo de su elecci\\u00f3n a trav\\u00e9s de vectores no especificados, relacionados con un \\\"vulnerabilidad de carga DLL\\\".\"}]",
"evaluatorComment": "Per: http://www.adobe.com/support/security/bulletins/apsb10-02.html\r\n\r\na DLL-loading vulnerability in 3D that could allow arbitrary code execution (CVE-2009-3954).",
"evaluatorImpact": "Per: http://www.adobe.com/support/security/bulletins/apsb10-02.html\r\n\r\nAffected software versions\r\n\r\nAdobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX\r\nAdobe Acrobat 9.2 and earlier versions for Windows and Macintosh",
"id": "CVE-2009-3954",
"lastModified": "2024-11-21T01:08:35.870",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2010-01-13T19:30:00.407",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://secunia.com/advisories/38138\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://secunia.com/advisories/38215\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb10-02.html\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2010-0060.html\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://www.securityfocus.com/bid/37761\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://www.securitytracker.com/id?1023446\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-013A.html\", \"source\": \"psirt@adobe.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0103\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=554293\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/55552\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8528\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/38138\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/38215\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb10-02.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2010-0060.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/37761\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1023446\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA10-013A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0103\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=554293\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/55552\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8528\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2009-3954\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2010-01-13T19:30:00.407\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a \\\"DLL-loading vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"La implementaci\u00f3n 3D en Adobe Reader y Acrobat v9.x anterior a v9.3, y v8.x anterior a v8.2 sobre Windows y Mac OS X, podr\u00eda permitir a atacantes ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores no especificados, relacionados con un \\\"vulnerabilidad de carga DLL\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.2\",\"matchCriteriaId\":\"C42D46A5-DB0B-48EF-8587-C2CEDAA14A4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"465F9134-DD86-4F13-8C39-949BE6E7389A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB041EDF-EFF8-4AA6-8D59-411975547534\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C05F6A5-0FB3-489B-9B8B-64C569C03D7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:4.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AABA4FE3-662B-4956-904D-45086E000890\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:4.0.5a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"998CD79C-458E-46A8-8261-1C40C53D9FA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:4.0.5c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0155FB0B-7FAD-4388-96C8-A8543B4FDFD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"201F059D-33D1-4D9F-9C6F-FC8EB49E4735\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:5.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B025E795-5713-485E-8A15-EBE4451A1A46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:5.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B453FA1D-0FE9-4324-9644-E167561926C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:5.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDEA946E-B6D2-463B-89D0-F2F37278089E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"183B5940-2310-4D2E-99F0-9792A801A442\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F8BB13E-2732-4F9E-A588-EA1C00893C8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5FCDCBF-597B-439C-8D8B-2819FC70C567\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:6.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"440B890A-90E9-4456-B92A-856CD17F0C78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:6.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79BD9D8D-39DA-403E-915D-E1B6A46A6BAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:6.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8976A7DC-1314-4C4A-A7C5-AA789D2DAB9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:6.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37854E7C-2166-48D7-AE8C-44C9468C38C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FECFC942-4F04-420C-A9B4-AE0C0590317F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F81817F2-1E3A-4A52-88F1-6B614A2A1F0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFFFFF0D-A80F-4B67-BEE2-86868EF7AA37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:7.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DC97A87-2652-4AD6-8E10-419A9AC9C245\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:7.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E1F71AE-3591-499E-B09F-AAC4E38F1CF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:7.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D75174C-EBF9-4117-9E66-80E847012853\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:7.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69B0305A-51D3-4E09-B96C-54B0ED921DA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:7.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9762FE57-837B-4FFA-9813-AC038450EB2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:7.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0055A38C-E421-40A1-8BC7-11856A20B8F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:7.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"758CC9EE-8929-405B-A845-83BAAECCB2AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:7.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24A7CF98-27EC-406A-98E2-ACC1AAAF5C93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:7.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC1BD70D-7A92-4309-A40C-9BD500997390\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:7.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9C17896-8895-4731-B77A-F488A94F0CBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:7.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21AC1961-12F7-456F-9CE4-9AAF116CF141\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:7.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF9F1050-B6BE-4B99-882B-36D6E187304D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26AE76F7-D7F6-4AF2-A5C6-708B5642C288\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"749FFB51-65D4-4A4B-95F3-742440276897\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8665E53-EC1E-4B95-9064-2565BC12113E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24218FDA-F9DA-465A-B5D5-76A55C7EE04E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2C5F1C5-85CD-47B9-897F-E51D6902AF72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0E190FF-3EBC-44AB-8072-4D964E843E8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A624D44-C135-4ED3-9BA4-F4F8A044850B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B95C0A99-42E4-40A9-BF61-507E4E4DC052\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B9F55CC-3681-4A67-99D1-3F40447392D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AA53564-9ACD-4CFB-9AAC-A77440026A57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7EC46E3-77B7-4455-B3E0-A45C6B69B3DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F475858-DCE2-4C93-A51A-04718DF17593\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88687272-4CD0-42A2-B727-C322ABDE3549\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E5C4FA4-3786-47AF-BD7D-8E75927EB3AA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FF5999A-9D12-4CDD-8DE9-A89C10B2D574\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.2\",\"matchCriteriaId\":\"E7BDB18D-A53C-4252-B2ED-42E6F3609277\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1C92642-7C8D-411A-8726-06A8A6483D65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:3.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CBE2E6C-AF0E-4A77-9EB0-3593889BC676\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:3.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B5C5C14-383C-4630-858E-D40D6C32FD4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F509566A-6D4A-40C0-8A16-F8765C5DCAAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:4.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"707D7124-6063-4510-80B4-AD9675996F67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:4.0.5a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"200FFAE3-CC1C-4A11-99AD-377D54A67195\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:4.0.5c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A990E86-07C0-49E2-92D6-55E499F30FAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AED985D-60D7-489E-9F1E-CE3C9D985B7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F0FCA2F-FD7F-4CE5-9D45-324A7EC45105\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:5.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF7EAA22-CED2-4379-9465-9562BACB1C20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:5.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35B1CA6B-600C-4E03-B4D5-3D7E1BC4D0F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:5.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7AA1BA3-9FFA-46AB-A92A-7247D5F7EA06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:5.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F5F7424-1E19-4078-8908-CD86A0185042\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:5.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2402B40-6B72-48B5-A376-DA8D16CA43FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:5.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D968113-340A-4E5A-B4FD-D9702D49E3DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACF742B8-5F7A-487B-835C-756B1BB392F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0BB7C0C-B1D6-4733-BA91-022A1A7FB2E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B131DB8-4B6A-4AF2-8D5E-B5EA1AEBFB3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B9351C2-16ED-4766-B417-8DB3A8766C2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74667860-0047-40AD-9468-860591BA9D17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:6.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DEA092A-5532-4DCC-B43D-7A8ECF07FA4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:6.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9628AFF9-6EE1-4E85-858F-AE96EE64B7F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E2D0266-6954-4DBA-9EEE-8BF73B39DD61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24262AFA-2EC8-479E-8922-36DB4243E404\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E62096-08B2-4722-A492-11E9A441E85B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5370AC6-90EE-48EA-8DBD-54002B102F7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C36D10A8-D211-437D-98D8-9029D0A9CF8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA55D00C-3629-48E4-8699-F62B8D703E02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EE5E1B7-7B91-4AE1-92AA-4F1763E1BA1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"623324C2-C8B5-4C3C-9C10-9677D5A6740A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EAF5E3-F3B4-4AD3-B5F1-281AB0F9C57F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"634396D6-4ED6-4F4D-9458-396373489589\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A265869-EF58-428E-B8BB-30CABCBE0A83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADB421CD-85DE-4495-93B7-46708449AE27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32049561-270C-4B18-9E96-EA0F66ACECAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:7.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5491D310-E1C0-4FCB-9DCA-97CA1F95D4BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"996EB48E-D2A8-49E4-915A-EBDE26A9FB94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97E20936-EE31-4CEB-A710-3165A28BAD69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BD9952C-A1D0-4DFB-A292-9B86D7EAE5FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5BEA847-A71E-4336-AB67-B3C38847C1C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39F6994B-6969-485B-9286-2592B11A47BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC533775-B52E-43F0-BF19-1473BE36232D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18D1C85E-42CC-46F2-A7B6-DAC3C3995330\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4670451-511E-496C-A78A-887366E1E992\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"562772F1-1627-438E-A6B8-7D1AA5536086\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27D5AF92-A8E1-41BD-B20A-EB26BB6AD4DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F25C9167-C6D4-4264-9197-50878EDA2D96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD1D7308-09E9-42B2-8836-DC2326C62A9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5C251D2-4C9B-4029-8BED-0FCAED3B8E89\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FF5999A-9D12-4CDD-8DE9-A89C10B2D574\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:unix:unix:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7A7C398-5356-45D6-AA5C-53E63BC88DCA\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://secunia.com/advisories/38138\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://secunia.com/advisories/38215\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb10-02.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0060.html\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.securityfocus.com/bid/37761\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.securitytracker.com/id?1023446\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-013A.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0103\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=554293\",\"source\":\"psirt@adobe.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/55552\",\"source\":\"psirt@adobe.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8528\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38138\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38215\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb10-02.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0060.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/37761\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1023446\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-013A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0103\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=554293\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/55552\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8528\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorComment\":\"Per: http://www.adobe.com/support/security/bulletins/apsb10-02.html\\r\\n\\r\\na DLL-loading vulnerability in 3D that could allow arbitrary code execution (CVE-2009-3954).\",\"evaluatorImpact\":\"Per: http://www.adobe.com/support/security/bulletins/apsb10-02.html\\r\\n\\r\\nAffected software versions\\r\\n\\r\\nAdobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX\\r\\nAdobe Acrobat 9.2 and earlier versions for Windows and Macintosh\"}}"
}
}
CERTA-2010-AVI-012
Vulnerability from certfr_avis - Published: - Updated:
Plusieurs vulnérabilités découvertes dans Adobe Reader et Acrobat permettent à un utilisateur distant d'exécuter du code arbitraire ou de provoquer un déni de service.
Description
De multiples vulnérabilités présentes dans Adobe Reader et Acrobat peuvent être exploitées, au moyen d'un fichier au format PDF spécialement construit, par une personne malveillante afin de provoquer l'arrêt inopiné de l'application ou d'exécuter du code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | Acrobat | Adobe Reader 9.2 et versions antérieures pour Windows, Macintosh et Unix ; | ||
| Adobe | Acrobat | Acrobat 9.2 et versions antérieures pour Windows, Macintosh et Unix ; | ||
| Adobe | Acrobat | Adobe Reader 8.1.7 et versions antérieures pour Windows, Macintosh ; | ||
| Adobe | Acrobat | Acrobat 8.1.7 et versions antérieures pour Windows, Macintosh. |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Adobe Reader 9.2 et versions ant\u00e9rieures pour Windows, Macintosh et Unix ;",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat 9.2 et versions ant\u00e9rieures pour Windows, Macintosh et Unix ;",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Reader 8.1.7 et versions ant\u00e9rieures pour Windows, Macintosh ;",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat 8.1.7 et versions ant\u00e9rieures pour Windows, Macintosh.",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans Adobe Reader et Acrobat\npeuvent \u00eatre exploit\u00e9es, au moyen d\u0027un fichier au format PDF\nsp\u00e9cialement construit, par une personne malveillante afin de provoquer\nl\u0027arr\u00eat inopin\u00e9 de l\u0027application ou d\u0027ex\u00e9cuter du code arbitraire \u00e0\ndistance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-3954",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3954"
},
{
"name": "CVE-2009-4324",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4324"
},
{
"name": "CVE-2009-3953",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3953"
},
{
"name": "CVE-2009-3955",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3955"
},
{
"name": "CVE-2009-3959",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3959"
},
{
"name": "CVE-2009-3958",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3958"
},
{
"name": "CVE-2009-3957",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3957"
},
{
"name": "CVE-2009-3956",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3956"
}
],
"links": [
{
"title": "Bulletin de d\u0027alerte du CERTA CERTA-2009-ALE-023 du 15 d\u00e9cembre 2009 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-ALE-023/index.html"
}
],
"reference": "CERTA-2010-AVI-012",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2010-01-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans Adobe Reader et Acrobat\npermettent \u00e0 un utilisateur distant d\u0027ex\u00e9cuter du code arbitraire ou de\nprovoquer un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Reader et Acrobat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB10-02 du 12 janvier 2010",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"
}
]
}
CERTA-2010-AVI-012
Vulnerability from certfr_avis - Published: - Updated:
Plusieurs vulnérabilités découvertes dans Adobe Reader et Acrobat permettent à un utilisateur distant d'exécuter du code arbitraire ou de provoquer un déni de service.
Description
De multiples vulnérabilités présentes dans Adobe Reader et Acrobat peuvent être exploitées, au moyen d'un fichier au format PDF spécialement construit, par une personne malveillante afin de provoquer l'arrêt inopiné de l'application ou d'exécuter du code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | Acrobat | Adobe Reader 9.2 et versions antérieures pour Windows, Macintosh et Unix ; | ||
| Adobe | Acrobat | Acrobat 9.2 et versions antérieures pour Windows, Macintosh et Unix ; | ||
| Adobe | Acrobat | Adobe Reader 8.1.7 et versions antérieures pour Windows, Macintosh ; | ||
| Adobe | Acrobat | Acrobat 8.1.7 et versions antérieures pour Windows, Macintosh. |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Adobe Reader 9.2 et versions ant\u00e9rieures pour Windows, Macintosh et Unix ;",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat 9.2 et versions ant\u00e9rieures pour Windows, Macintosh et Unix ;",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Reader 8.1.7 et versions ant\u00e9rieures pour Windows, Macintosh ;",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat 8.1.7 et versions ant\u00e9rieures pour Windows, Macintosh.",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans Adobe Reader et Acrobat\npeuvent \u00eatre exploit\u00e9es, au moyen d\u0027un fichier au format PDF\nsp\u00e9cialement construit, par une personne malveillante afin de provoquer\nl\u0027arr\u00eat inopin\u00e9 de l\u0027application ou d\u0027ex\u00e9cuter du code arbitraire \u00e0\ndistance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-3954",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3954"
},
{
"name": "CVE-2009-4324",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4324"
},
{
"name": "CVE-2009-3953",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3953"
},
{
"name": "CVE-2009-3955",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3955"
},
{
"name": "CVE-2009-3959",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3959"
},
{
"name": "CVE-2009-3958",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3958"
},
{
"name": "CVE-2009-3957",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3957"
},
{
"name": "CVE-2009-3956",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3956"
}
],
"links": [
{
"title": "Bulletin de d\u0027alerte du CERTA CERTA-2009-ALE-023 du 15 d\u00e9cembre 2009 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-ALE-023/index.html"
}
],
"reference": "CERTA-2010-AVI-012",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2010-01-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans Adobe Reader et Acrobat\npermettent \u00e0 un utilisateur distant d\u0027ex\u00e9cuter du code arbitraire ou de\nprovoquer un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Reader et Acrobat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB10-02 du 12 janvier 2010",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"
}
]
}
FKIE_CVE-2009-3954
Vulnerability from fkie_nvd - Published: 2010-01-13 19:30 - Updated: 2026-04-23 00:35
Severity
Summary
The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C42D46A5-DB0B-48EF-8587-C2CEDAA14A4A",
"versionEndIncluding": "9.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "465F9134-DD86-4F13-8C39-949BE6E7389A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB041EDF-EFF8-4AA6-8D59-411975547534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4C05F6A5-0FB3-489B-9B8B-64C569C03D7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AABA4FE3-662B-4956-904D-45086E000890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:4.0.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "998CD79C-458E-46A8-8261-1C40C53D9FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:4.0.5c:*:*:*:*:*:*:*",
"matchCriteriaId": "0155FB0B-7FAD-4388-96C8-A8543B4FDFD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "201F059D-33D1-4D9F-9C6F-FC8EB49E4735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B025E795-5713-485E-8A15-EBE4451A1A46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B453FA1D-0FE9-4324-9644-E167561926C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FDEA946E-B6D2-463B-89D0-F2F37278089E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "183B5940-2310-4D2E-99F0-9792A801A442",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4F8BB13E-2732-4F9E-A588-EA1C00893C8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FCDCBF-597B-439C-8D8B-2819FC70C567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "440B890A-90E9-4456-B92A-856CD17F0C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79BD9D8D-39DA-403E-915D-E1B6A46A6BAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8976A7DC-1314-4C4A-A7C5-AA789D2DAB9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "37854E7C-2166-48D7-AE8C-44C9468C38C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FECFC942-4F04-420C-A9B4-AE0C0590317F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F81817F2-1E3A-4A52-88F1-6B614A2A1F0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFFFF0D-A80F-4B67-BEE2-86868EF7AA37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1DC97A87-2652-4AD6-8E10-419A9AC9C245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3E1F71AE-3591-499E-B09F-AAC4E38F1CF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:7.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2D75174C-EBF9-4117-9E66-80E847012853",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:7.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "69B0305A-51D3-4E09-B96C-54B0ED921DA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:7.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9762FE57-837B-4FFA-9813-AC038450EB2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:7.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0055A38C-E421-40A1-8BC7-11856A20B8F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:7.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "758CC9EE-8929-405B-A845-83BAAECCB2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24A7CF98-27EC-406A-98E2-ACC1AAAF5C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1BD70D-7A92-4309-A40C-9BD500997390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9C17896-8895-4731-B77A-F488A94F0CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "21AC1961-12F7-456F-9CE4-9AAF116CF141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:7.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DF9F1050-B6BE-4B99-882B-36D6E187304D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26AE76F7-D7F6-4AF2-A5C6-708B5642C288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "749FFB51-65D4-4A4B-95F3-742440276897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C8665E53-EC1E-4B95-9064-2565BC12113E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "24218FDA-F9DA-465A-B5D5-76A55C7EE04E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C5F1C5-85CD-47B9-897F-E51D6902AF72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E190FF-3EBC-44AB-8072-4D964E843E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6A624D44-C135-4ED3-9BA4-F4F8A044850B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B95C0A99-42E4-40A9-BF61-507E4E4DC052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3B9F55CC-3681-4A67-99D1-3F40447392D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5AA53564-9ACD-4CFB-9AAC-A77440026A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7EC46E3-77B7-4455-B3E0-A45C6B69B3DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4F475858-DCE2-4C93-A51A-04718DF17593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88687272-4CD0-42A2-B727-C322ABDE3549",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1E5C4FA4-3786-47AF-BD7D-8E75927EB3AA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BDB18D-A53C-4252-B2ED-42E6F3609277",
"versionEndIncluding": "9.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C92642-7C8D-411A-8726-06A8A6483D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBE2E6C-AF0E-4A77-9EB0-3593889BC676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:3.02:*:*:*:*:*:*:*",
"matchCriteriaId": "4B5C5C14-383C-4630-858E-D40D6C32FD4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F509566A-6D4A-40C0-8A16-F8765C5DCAAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "707D7124-6063-4510-80B4-AD9675996F67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:4.0.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "200FFAE3-CC1C-4A11-99AD-377D54A67195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:4.0.5c:*:*:*:*:*:*:*",
"matchCriteriaId": "8A990E86-07C0-49E2-92D6-55E499F30FAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6AED985D-60D7-489E-9F1E-CE3C9D985B7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5F0FCA2F-FD7F-4CE5-9D45-324A7EC45105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EF7EAA22-CED2-4379-9465-9562BACB1C20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "35B1CA6B-600C-4E03-B4D5-3D7E1BC4D0F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AA1BA3-9FFA-46AB-A92A-7247D5F7EA06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3F5F7424-1E19-4078-8908-CD86A0185042",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F2402B40-6B72-48B5-A376-DA8D16CA43FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0D968113-340A-4E5A-B4FD-D9702D49E3DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ACF742B8-5F7A-487B-835C-756B1BB392F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C0BB7C0C-B1D6-4733-BA91-022A1A7FB2E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B131DB8-4B6A-4AF2-8D5E-B5EA1AEBFB3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5B9351C2-16ED-4766-B417-8DB3A8766C2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "74667860-0047-40AD-9468-860591BA9D17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5DEA092A-5532-4DCC-B43D-7A8ECF07FA4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9628AFF9-6EE1-4E85-858F-AE96EE64B7F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E2D0266-6954-4DBA-9EEE-8BF73B39DD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "24262AFA-2EC8-479E-8922-36DB4243E404",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E62096-08B2-4722-A492-11E9A441E85B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5370AC6-90EE-48EA-8DBD-54002B102F7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C36D10A8-D211-437D-98D8-9029D0A9CF8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BA55D00C-3629-48E4-8699-F62B8D703E02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE5E1B7-7B91-4AE1-92AA-4F1763E1BA1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "623324C2-C8B5-4C3C-9C10-9677D5A6740A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EAF5E3-F3B4-4AD3-B5F1-281AB0F9C57F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "634396D6-4ED6-4F4D-9458-396373489589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A265869-EF58-428E-B8BB-30CABCBE0A83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB421CD-85DE-4495-93B7-46708449AE27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "32049561-270C-4B18-9E96-EA0F66ACECAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5491D310-E1C0-4FCB-9DCA-97CA1F95D4BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "996EB48E-D2A8-49E4-915A-EBDE26A9FB94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "97E20936-EE31-4CEB-A710-3165A28BAD69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BD9952C-A1D0-4DFB-A292-9B86D7EAE5FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C5BEA847-A71E-4336-AB67-B3C38847C1C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "39F6994B-6969-485B-9286-2592B11A47BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC533775-B52E-43F0-BF19-1473BE36232D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "18D1C85E-42CC-46F2-A7B6-DAC3C3995330",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C4670451-511E-496C-A78A-887366E1E992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "562772F1-1627-438E-A6B8-7D1AA5536086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27D5AF92-A8E1-41BD-B20A-EB26BB6AD4DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F25C9167-C6D4-4264-9197-50878EDA2D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD1D7308-09E9-42B2-8836-DC2326C62A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B5C251D2-4C9B-4029-8BED-0FCAED3B8E89",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:unix:unix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7A7C398-5356-45D6-AA5C-53E63BC88DCA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a \"DLL-loading vulnerability.\""
},
{
"lang": "es",
"value": "La implementaci\u00f3n 3D en Adobe Reader y Acrobat v9.x anterior a v9.3, y v8.x anterior a v8.2 sobre Windows y Mac OS X, podr\u00eda permitir a atacantes ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores no especificados, relacionados con un \"vulnerabilidad de carga DLL\"."
}
],
"evaluatorComment": "Per: http://www.adobe.com/support/security/bulletins/apsb10-02.html\r\n\r\na DLL-loading vulnerability in 3D that could allow arbitrary code execution (CVE-2009-3954).",
"evaluatorImpact": "Per: http://www.adobe.com/support/security/bulletins/apsb10-02.html\r\n\r\nAffected software versions\r\n\r\nAdobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX\r\nAdobe Acrobat 9.2 and earlier versions for Windows and Macintosh",
"id": "CVE-2009-3954",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-01-13T19:30:00.407",
"references": [
{
"source": "psirt@adobe.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"source": "psirt@adobe.com",
"url": "http://secunia.com/advisories/38138"
},
{
"source": "psirt@adobe.com",
"url": "http://secunia.com/advisories/38215"
},
{
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"
},
{
"source": "psirt@adobe.com",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html"
},
{
"source": "psirt@adobe.com",
"url": "http://www.securityfocus.com/bid/37761"
},
{
"source": "psirt@adobe.com",
"url": "http://www.securitytracker.com/id?1023446"
},
{
"source": "psirt@adobe.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html"
},
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0103"
},
{
"source": "psirt@adobe.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"source": "psirt@adobe.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55552"
},
{
"source": "psirt@adobe.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8528"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023446"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8528"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-GPHR-X7QG-MP2C
Vulnerability from github – Published: 2022-05-02 03:50 – Updated: 2022-05-02 03:50
VLAI
Details
The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability."
{
"affected": [],
"aliases": [
"CVE-2009-3954"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-01-13T19:30:00Z",
"severity": "HIGH"
},
"details": "The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a \"DLL-loading vulnerability.\"",
"id": "GHSA-gphr-x7qg-mp2c",
"modified": "2022-05-02T03:50:11Z",
"published": "2022-05-02T03:50:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3954"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55552"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8528"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/38138"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/38215"
},
{
"type": "WEB",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/37761"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1023446"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/0103"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2009-3954
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability."
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2009-3954",
"description": "The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a \"DLL-loading vulnerability.\"",
"id": "GSD-2009-3954",
"references": [
"https://www.suse.com/security/cve/CVE-2009-3954.html",
"https://access.redhat.com/errata/RHSA-2010:0060",
"https://access.redhat.com/errata/RHSA-2010:0038",
"https://access.redhat.com/errata/RHSA-2010:0037"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2009-3954"
],
"details": "The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a \"DLL-loading vulnerability.\"",
"id": "GSD-2009-3954",
"modified": "2023-12-13T01:19:48.966419Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2009-3954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a \"DLL-loading vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38138",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38138"
},
{
"name": "acrobat-reader-3d-code-execution(55552)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55552"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-02.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"
},
{
"name": "RHSA-2010:0060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html"
},
{
"name": "oval:org.mitre.oval:def:8528",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8528"
},
{
"name": "ADV-2010-0103",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0103"
},
{
"name": "1023446",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023446"
},
{
"name": "37761",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37761"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=554293",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"name": "38215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38215"
},
{
"name": "SUSE-SA:2010:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"name": "TA10-013A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:5.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:5.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:5.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:4.0.5c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:4.0.5a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:4.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:4.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:4.0.5c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:4.0.5a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:3.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:3.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:unix:unix:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2009-3954"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a \"DLL-loading vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-02.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"
},
{
"name": "ADV-2010-0103",
"refsource": "VUPEN",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0103"
},
{
"name": "TA10-013A",
"refsource": "CERT",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html"
},
{
"name": "1023446",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id?1023446"
},
{
"name": "SUSE-SA:2010:008",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"name": "38138",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/38138"
},
{
"name": "37761",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/37761"
},
{
"name": "RHSA-2010:0060",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=554293",
"refsource": "CONFIRM",
"tags": [],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"name": "38215",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/38215"
},
{
"name": "acrobat-reader-3d-code-execution(55552)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55552"
},
{
"name": "oval:org.mitre.oval:def:8528",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8528"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2018-10-30T16:25Z",
"publishedDate": "2010-01-13T19:30Z"
}
}
}
RHSA-2010:0037
Vulnerability from csaf_redhat - Published: 2010-01-13 16:03 - Updated: 2025-11-21 17:35Summary
Red Hat Security Advisory: acroread security and bug fix update
Severity
Critical
Notes
Topic: Updated acroread packages that fix multiple security issues and three bugs
are now available for Red Hat Enterprise Linux 5 Supplementary.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details: Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).
This update fixes several vulnerabilities in Adobe Reader. These
vulnerabilities are summarized on the Adobe Security Advisory APSB10-02
page listed in the References section. A specially-crafted PDF file could
cause Adobe Reader to crash or, potentially, execute arbitrary code as the
user running Adobe Reader when opened. (CVE-2009-4324, CVE-2009-3953,
CVE-2009-3954, CVE-2009-3955, CVE-2009-3959, CVE-2009-3956)
This update also fixes the following bugs:
* the acroread process continued to run even after closing a PDF file. If
multiple PDF files were opened and then closed, the acroread processes
continued to run and consume system resources (up to 100% CPU usage). With
this update, the acroread process correctly exits, which resolves this
issue. (BZ#473217)
* the PPKLite.api plug-in was missing, causing Adobe Reader to crash when
attempting to open signed PDF files. For such files, if an immediate crash
was not observed, clicking on the Signature Panel could trigger one. With
this update, the PPKLite.api plug-in is included, which resolves this
issue. (BZ#472975)
* Adobe Reader has been upgraded to version 9.3. (BZ#497957)
Adobe have discontinued support for Adobe Reader 8 for Linux. All users of
Adobe Reader are advised to install these updated packages, which contain
Adobe Reader version 9.3, which is not vulnerable to these issues and fixes
these bugs. All running instances of Adobe Reader must be restarted for the
update to take effect.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.
6.8 ()
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client-Supplementary:acroread-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Critical
The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability."
6.8 ()
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client-Supplementary:acroread-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.
6.8 ()
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client-Supplementary:acroread-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.
4.3 ()
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client-Supplementary:acroread-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document.
6.8 ()
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client-Supplementary:acroread-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.
6.8 ()
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client-Supplementary:acroread-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Critical
References
31 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated acroread packages that fix multiple security issues and three bugs\nare now available for Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nThis update fixes several vulnerabilities in Adobe Reader. These\nvulnerabilities are summarized on the Adobe Security Advisory APSB10-02\npage listed in the References section. A specially-crafted PDF file could\ncause Adobe Reader to crash or, potentially, execute arbitrary code as the\nuser running Adobe Reader when opened. (CVE-2009-4324, CVE-2009-3953,\nCVE-2009-3954, CVE-2009-3955, CVE-2009-3959, CVE-2009-3956)\n\nThis update also fixes the following bugs:\n\n* the acroread process continued to run even after closing a PDF file. If\nmultiple PDF files were opened and then closed, the acroread processes\ncontinued to run and consume system resources (up to 100% CPU usage). With\nthis update, the acroread process correctly exits, which resolves this\nissue. (BZ#473217)\n\n* the PPKLite.api plug-in was missing, causing Adobe Reader to crash when\nattempting to open signed PDF files. For such files, if an immediate crash\nwas not observed, clicking on the Signature Panel could trigger one. With\nthis update, the PPKLite.api plug-in is included, which resolves this\nissue. (BZ#472975)\n\n* Adobe Reader has been upgraded to version 9.3. (BZ#497957)\n\nAdobe have discontinued support for Adobe Reader 8 for Linux. All users of\nAdobe Reader are advised to install these updated packages, which contain\nAdobe Reader version 9.3, which is not vulnerable to these issues and fixes\nthese bugs. All running instances of Adobe Reader must be restarted for the\nupdate to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0037",
"url": "https://access.redhat.com/errata/RHSA-2010:0037"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/bulletins/apsb10-02.html",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"
},
{
"category": "external",
"summary": "472975",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=472975"
},
{
"category": "external",
"summary": "473217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=473217"
},
{
"category": "external",
"summary": "547799",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=547799"
},
{
"category": "external",
"summary": "554293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"category": "external",
"summary": "554296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0037.json"
}
],
"title": "Red Hat Security Advisory: acroread security and bug fix update",
"tracking": {
"current_release_date": "2025-11-21T17:35:42+00:00",
"generator": {
"date": "2025-11-21T17:35:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2010:0037",
"initial_release_date": "2010-01-13T16:03:00+00:00",
"revision_history": [
{
"date": "2010-01-13T16:03:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-01-13T11:03:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:35:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "acroread-plugin-0:9.3-1.el5.i386",
"product": {
"name": "acroread-plugin-0:9.3-1.el5.i386",
"product_id": "acroread-plugin-0:9.3-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@9.3-1.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:9.3-1.el5.i386",
"product": {
"name": "acroread-0:9.3-1.el5.i386",
"product_id": "acroread-0:9.3-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@9.3-1.el5?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-0:9.3-1.el5.i386"
},
"product_reference": "acroread-0:9.3-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
},
"product_reference": "acroread-plugin-0:9.3-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-0:9.3-1.el5.i386"
},
"product_reference": "acroread-0:9.3-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
},
"product_reference": "acroread-plugin-0:9.3-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-3953",
"discovery_date": "2010-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "554293"
}
],
"notes": [
{
"category": "description",
"text": "The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration \"array boundary issue,\" a different vulnerability than CVE-2009-2994.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3953"
},
{
"category": "external",
"summary": "RHBZ#554293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3953",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3953"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-13T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0037"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-08T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-02)"
},
{
"cve": "CVE-2009-3954",
"discovery_date": "2010-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "554293"
}
],
"notes": [
{
"category": "description",
"text": "The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a \"DLL-loading vulnerability.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3954"
},
{
"category": "external",
"summary": "RHBZ#554293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3954",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3954"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3954",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3954"
}
],
"release_date": "2010-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-13T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0037"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-02)"
},
{
"cve": "CVE-2009-3955",
"discovery_date": "2010-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "554293"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3955"
},
{
"category": "external",
"summary": "RHBZ#554293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3955",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3955"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3955",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3955"
}
],
"release_date": "2010-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-13T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0037"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-02)"
},
{
"cve": "CVE-2009-3956",
"discovery_date": "2010-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "554296"
}
],
"notes": [
{
"category": "description",
"text": "The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a \"script injection vulnerability,\" as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: script injection vulnerability (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3956"
},
{
"category": "external",
"summary": "RHBZ#554296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554296"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3956",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3956"
}
],
"release_date": "2010-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-13T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0037"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "acroread: script injection vulnerability (APSB10-02)"
},
{
"cve": "CVE-2009-3959",
"discovery_date": "2010-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "554293"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3959"
},
{
"category": "external",
"summary": "RHBZ#554293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3959",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3959"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3959",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3959"
}
],
"release_date": "2010-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-13T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0037"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-02)"
},
{
"cve": "CVE-2009-4324",
"discovery_date": "2009-12-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "547799"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: media.newplayer JavaScript API code execution vulnerability (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4324"
},
{
"category": "external",
"summary": "RHBZ#547799",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=547799"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4324",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4324"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4324",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4324"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2009-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-13T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0037"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-08T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: media.newplayer JavaScript API code execution vulnerability (APSB10-02)"
}
]
}
RHSA-2010:0038
Vulnerability from csaf_redhat - Published: 2010-01-13 16:08 - Updated: 2025-11-21 17:35Summary
Red Hat Security Advisory: acroread security update
Severity
Critical
Notes
Topic: Updated acroread packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 Extras.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details: Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).
This update fixes several vulnerabilities in Adobe Reader. These
vulnerabilities are summarized on the Adobe Security Advisory APSB10-02
page listed in the References section. A specially-crafted PDF file could
cause Adobe Reader to crash or, potentially, execute arbitrary code as the
user running Adobe Reader when opened. (CVE-2009-4324, CVE-2009-3953,
CVE-2009-3954, CVE-2009-3955, CVE-2009-3959, CVE-2009-3956)
Adobe have discontinued support for Adobe Reader 8 for Linux. All users of
Adobe Reader are advised to install these updated packages, which contain
Adobe Reader version 9.3, which is not vulnerable to these issues. All
running instances of Adobe Reader must be restarted for the update to take
effect.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 4AS-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Critical
The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability."
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 4AS-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 4AS-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.
4.3 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 4AS-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 4AS-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 4AS-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Critical
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated acroread packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 Extras.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nThis update fixes several vulnerabilities in Adobe Reader. These\nvulnerabilities are summarized on the Adobe Security Advisory APSB10-02\npage listed in the References section. A specially-crafted PDF file could\ncause Adobe Reader to crash or, potentially, execute arbitrary code as the\nuser running Adobe Reader when opened. (CVE-2009-4324, CVE-2009-3953,\nCVE-2009-3954, CVE-2009-3955, CVE-2009-3959, CVE-2009-3956)\n\nAdobe have discontinued support for Adobe Reader 8 for Linux. All users of\nAdobe Reader are advised to install these updated packages, which contain\nAdobe Reader version 9.3, which is not vulnerable to these issues. All\nrunning instances of Adobe Reader must be restarted for the update to take\neffect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0038",
"url": "https://access.redhat.com/errata/RHSA-2010:0038"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/bulletins/apsb10-02.html",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"
},
{
"category": "external",
"summary": "547799",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=547799"
},
{
"category": "external",
"summary": "554293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"category": "external",
"summary": "554296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0038.json"
}
],
"title": "Red Hat Security Advisory: acroread security update",
"tracking": {
"current_release_date": "2025-11-21T17:35:43+00:00",
"generator": {
"date": "2025-11-21T17:35:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2010:0038",
"initial_release_date": "2010-01-13T16:08:00+00:00",
"revision_history": [
{
"date": "2010-01-13T16:08:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-01-13T11:08:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:35:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 4 Extras",
"product": {
"name": "Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "acroread-plugin-0:9.3-1.el4.i386",
"product": {
"name": "acroread-plugin-0:9.3-1.el4.i386",
"product_id": "acroread-plugin-0:9.3-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@9.3-1.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:9.3-1.el4.i386",
"product": {
"name": "acroread-0:9.3-1.el4.i386",
"product_id": "acroread-0:9.3-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@9.3-1.el4?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-0:9.3-1.el4.i386"
},
"product_reference": "acroread-0:9.3-1.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-plugin-0:9.3-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3-1.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-0:9.3-1.el4.i386"
},
"product_reference": "acroread-0:9.3-1.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3-1.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-0:9.3-1.el4.i386"
},
"product_reference": "acroread-0:9.3-1.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-plugin-0:9.3-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3-1.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-0:9.3-1.el4.i386"
},
"product_reference": "acroread-0:9.3-1.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3-1.el4.i386",
"relates_to_product_reference": "4WS-LACD"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-3953",
"discovery_date": "2010-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "554293"
}
],
"notes": [
{
"category": "description",
"text": "The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration \"array boundary issue,\" a different vulnerability than CVE-2009-2994.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3953"
},
{
"category": "external",
"summary": "RHBZ#554293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3953",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3953"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-13T16:08:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0038"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-08T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-02)"
},
{
"cve": "CVE-2009-3954",
"discovery_date": "2010-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "554293"
}
],
"notes": [
{
"category": "description",
"text": "The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a \"DLL-loading vulnerability.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3954"
},
{
"category": "external",
"summary": "RHBZ#554293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3954",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3954"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3954",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3954"
}
],
"release_date": "2010-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-13T16:08:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0038"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-02)"
},
{
"cve": "CVE-2009-3955",
"discovery_date": "2010-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "554293"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3955"
},
{
"category": "external",
"summary": "RHBZ#554293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3955",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3955"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3955",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3955"
}
],
"release_date": "2010-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-13T16:08:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0038"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-02)"
},
{
"cve": "CVE-2009-3956",
"discovery_date": "2010-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "554296"
}
],
"notes": [
{
"category": "description",
"text": "The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a \"script injection vulnerability,\" as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: script injection vulnerability (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3956"
},
{
"category": "external",
"summary": "RHBZ#554296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554296"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3956",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3956"
}
],
"release_date": "2010-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-13T16:08:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0038"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "acroread: script injection vulnerability (APSB10-02)"
},
{
"cve": "CVE-2009-3959",
"discovery_date": "2010-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "554293"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3959"
},
{
"category": "external",
"summary": "RHBZ#554293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3959",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3959"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3959",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3959"
}
],
"release_date": "2010-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-13T16:08:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0038"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-02)"
},
{
"cve": "CVE-2009-4324",
"discovery_date": "2009-12-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "547799"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: media.newplayer JavaScript API code execution vulnerability (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4324"
},
{
"category": "external",
"summary": "RHBZ#547799",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=547799"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4324",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4324"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4324",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4324"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2009-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-13T16:08:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0038"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-08T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: media.newplayer JavaScript API code execution vulnerability (APSB10-02)"
}
]
}
RHSA-2010:0060
Vulnerability from csaf_redhat - Published: 2010-01-20 14:38 - Updated: 2025-11-21 17:35Summary
Red Hat Security Advisory: acroread security update
Severity
Critical
Notes
Topic: The acroread packages as shipped in Red Hat Enterprise Linux 3 Extras
contain security flaws and should not be used.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details: Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).
Adobe Reader 8.1.7 is vulnerable to critical security flaws and should no
longer be used. A specially-crafted PDF file could cause Adobe Reader to
crash or, potentially, execute arbitrary code as the user running Adobe
Reader when opened. (CVE-2009-4324, CVE-2009-3953, CVE-2009-3954,
CVE-2009-3955, CVE-2009-3959, CVE-2009-3956)
Adobe have discontinued support for Adobe Reader 8 for Linux. Adobe Reader
9 for Linux is not compatible with Red Hat Enterprise Linux 3. An
alternative PDF file viewer available in Red Hat Enterprise Linux 3 is
xpdf.
This update removes the acroread packages due to their known security
vulnerabilities.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.
6.8 ()
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:acroread-uninstall-0:9.3-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-uninstall-0:9.3-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-uninstall-0:9.3-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-uninstall-0:9.3-3.i386 | — |
Vendor Fix
fix
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Critical
The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability."
6.8 ()
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:acroread-uninstall-0:9.3-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-uninstall-0:9.3-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-uninstall-0:9.3-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-uninstall-0:9.3-3.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.
6.8 ()
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:acroread-uninstall-0:9.3-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-uninstall-0:9.3-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-uninstall-0:9.3-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-uninstall-0:9.3-3.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.
4.3 ()
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:acroread-uninstall-0:9.3-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-uninstall-0:9.3-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-uninstall-0:9.3-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-uninstall-0:9.3-3.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document.
6.8 ()
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:acroread-uninstall-0:9.3-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-uninstall-0:9.3-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-uninstall-0:9.3-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-uninstall-0:9.3-3.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.
6.8 ()
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS-LACD:acroread-uninstall-0:9.3-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop-LACD:acroread-uninstall-0:9.3-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES-LACD:acroread-uninstall-0:9.3-3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS-LACD:acroread-uninstall-0:9.3-3.i386 | — |
Vendor Fix
fix
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Critical
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The acroread packages as shipped in Red Hat Enterprise Linux 3 Extras\ncontain security flaws and should not be used.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nAdobe Reader 8.1.7 is vulnerable to critical security flaws and should no\nlonger be used. A specially-crafted PDF file could cause Adobe Reader to\ncrash or, potentially, execute arbitrary code as the user running Adobe\nReader when opened. (CVE-2009-4324, CVE-2009-3953, CVE-2009-3954,\nCVE-2009-3955, CVE-2009-3959, CVE-2009-3956)\n\nAdobe have discontinued support for Adobe Reader 8 for Linux. Adobe Reader\n9 for Linux is not compatible with Red Hat Enterprise Linux 3. An\nalternative PDF file viewer available in Red Hat Enterprise Linux 3 is\nxpdf.\n\nThis update removes the acroread packages due to their known security\nvulnerabilities.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0060",
"url": "https://access.redhat.com/errata/RHSA-2010:0060"
},
{
"category": "external",
"summary": "554296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554296"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/bulletins/apsb10-02.html",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"
},
{
"category": "external",
"summary": "547799",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=547799"
},
{
"category": "external",
"summary": "554293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0060.json"
}
],
"title": "Red Hat Security Advisory: acroread security update",
"tracking": {
"current_release_date": "2025-11-21T17:35:45+00:00",
"generator": {
"date": "2025-11-21T17:35:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2010:0060",
"initial_release_date": "2010-01-20T14:38:00+00:00",
"revision_history": [
{
"date": "2010-01-20T14:38:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-01-20T09:38:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:35:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 3 Extras",
"product_id": "3AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 3 Extras",
"product": {
"name": "Red Hat Desktop version 3 Extras",
"product_id": "3Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 3 Extras",
"product_id": "3ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 3 Extras",
"product_id": "3WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "acroread-uninstall-0:9.3-3.i386",
"product": {
"name": "acroread-uninstall-0:9.3-3.i386",
"product_id": "acroread-uninstall-0:9.3-3.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-uninstall@9.3-3?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-uninstall-0:9.3-3.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
"product_id": "3AS-LACD:acroread-uninstall-0:9.3-3.i386"
},
"product_reference": "acroread-uninstall-0:9.3-3.i386",
"relates_to_product_reference": "3AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-uninstall-0:9.3-3.i386 as a component of Red Hat Desktop version 3 Extras",
"product_id": "3Desktop-LACD:acroread-uninstall-0:9.3-3.i386"
},
"product_reference": "acroread-uninstall-0:9.3-3.i386",
"relates_to_product_reference": "3Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-uninstall-0:9.3-3.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
"product_id": "3ES-LACD:acroread-uninstall-0:9.3-3.i386"
},
"product_reference": "acroread-uninstall-0:9.3-3.i386",
"relates_to_product_reference": "3ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-uninstall-0:9.3-3.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
"product_id": "3WS-LACD:acroread-uninstall-0:9.3-3.i386"
},
"product_reference": "acroread-uninstall-0:9.3-3.i386",
"relates_to_product_reference": "3WS-LACD"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-3953",
"discovery_date": "2010-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "554293"
}
],
"notes": [
{
"category": "description",
"text": "The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration \"array boundary issue,\" a different vulnerability than CVE-2009-2994.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3953"
},
{
"category": "external",
"summary": "RHBZ#554293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3953",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3953"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-20T14:38:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0060"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-08T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-02)"
},
{
"cve": "CVE-2009-3954",
"discovery_date": "2010-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "554293"
}
],
"notes": [
{
"category": "description",
"text": "The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a \"DLL-loading vulnerability.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3954"
},
{
"category": "external",
"summary": "RHBZ#554293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3954",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3954"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3954",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3954"
}
],
"release_date": "2010-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-20T14:38:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0060"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-02)"
},
{
"cve": "CVE-2009-3955",
"discovery_date": "2010-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "554293"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3955"
},
{
"category": "external",
"summary": "RHBZ#554293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3955",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3955"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3955",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3955"
}
],
"release_date": "2010-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-20T14:38:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0060"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-02)"
},
{
"cve": "CVE-2009-3956",
"discovery_date": "2010-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "554296"
}
],
"notes": [
{
"category": "description",
"text": "The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a \"script injection vulnerability,\" as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: script injection vulnerability (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3956"
},
{
"category": "external",
"summary": "RHBZ#554296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554296"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3956",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3956"
}
],
"release_date": "2010-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-20T14:38:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0060"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "acroread: script injection vulnerability (APSB10-02)"
},
{
"cve": "CVE-2009-3959",
"discovery_date": "2010-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "554293"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3959"
},
{
"category": "external",
"summary": "RHBZ#554293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3959",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3959"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3959",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3959"
}
],
"release_date": "2010-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-20T14:38:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0060"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-02)"
},
{
"cve": "CVE-2009-4324",
"discovery_date": "2009-12-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "547799"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: media.newplayer JavaScript API code execution vulnerability (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4324"
},
{
"category": "external",
"summary": "RHBZ#547799",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=547799"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4324",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4324"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4324",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4324"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2009-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-20T14:38:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0060"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-08T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: media.newplayer JavaScript API code execution vulnerability (APSB10-02)"
}
]
}
RHSA-2010_0037
Vulnerability from csaf_redhat - Published: 2010-01-13 16:03 - Updated: 2024-11-14 10:47Summary
Red Hat Security Advisory: acroread security and bug fix update
Severity
Critical
Notes
Topic: Updated acroread packages that fix multiple security issues and three bugs
are now available for Red Hat Enterprise Linux 5 Supplementary.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details: Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).
This update fixes several vulnerabilities in Adobe Reader. These
vulnerabilities are summarized on the Adobe Security Advisory APSB10-02
page listed in the References section. A specially-crafted PDF file could
cause Adobe Reader to crash or, potentially, execute arbitrary code as the
user running Adobe Reader when opened. (CVE-2009-4324, CVE-2009-3953,
CVE-2009-3954, CVE-2009-3955, CVE-2009-3959, CVE-2009-3956)
This update also fixes the following bugs:
* the acroread process continued to run even after closing a PDF file. If
multiple PDF files were opened and then closed, the acroread processes
continued to run and consume system resources (up to 100% CPU usage). With
this update, the acroread process correctly exits, which resolves this
issue. (BZ#473217)
* the PPKLite.api plug-in was missing, causing Adobe Reader to crash when
attempting to open signed PDF files. For such files, if an immediate crash
was not observed, clicking on the Signature Panel could trigger one. With
this update, the PPKLite.api plug-in is included, which resolves this
issue. (BZ#472975)
* Adobe Reader has been upgraded to version 9.3. (BZ#497957)
Adobe have discontinued support for Adobe Reader 8 for Linux. All users of
Adobe Reader are advised to install these updated packages, which contain
Adobe Reader version 9.3, which is not vulnerable to these issues and fixes
these bugs. All running instances of Adobe Reader must be restarted for the
update to take effect.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.
6.8 ()
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client-Supplementary:acroread-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Critical
The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability."
6.8 ()
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client-Supplementary:acroread-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.
6.8 ()
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client-Supplementary:acroread-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.
4.3 ()
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client-Supplementary:acroread-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document.
6.8 ()
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client-Supplementary:acroread-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.
6.8 ()
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client-Supplementary:acroread-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386 | — |
Vendor Fix
fix
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Critical
References
31 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated acroread packages that fix multiple security issues and three bugs\nare now available for Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nThis update fixes several vulnerabilities in Adobe Reader. These\nvulnerabilities are summarized on the Adobe Security Advisory APSB10-02\npage listed in the References section. A specially-crafted PDF file could\ncause Adobe Reader to crash or, potentially, execute arbitrary code as the\nuser running Adobe Reader when opened. (CVE-2009-4324, CVE-2009-3953,\nCVE-2009-3954, CVE-2009-3955, CVE-2009-3959, CVE-2009-3956)\n\nThis update also fixes the following bugs:\n\n* the acroread process continued to run even after closing a PDF file. If\nmultiple PDF files were opened and then closed, the acroread processes\ncontinued to run and consume system resources (up to 100% CPU usage). With\nthis update, the acroread process correctly exits, which resolves this\nissue. (BZ#473217)\n\n* the PPKLite.api plug-in was missing, causing Adobe Reader to crash when\nattempting to open signed PDF files. For such files, if an immediate crash\nwas not observed, clicking on the Signature Panel could trigger one. With\nthis update, the PPKLite.api plug-in is included, which resolves this\nissue. (BZ#472975)\n\n* Adobe Reader has been upgraded to version 9.3. (BZ#497957)\n\nAdobe have discontinued support for Adobe Reader 8 for Linux. All users of\nAdobe Reader are advised to install these updated packages, which contain\nAdobe Reader version 9.3, which is not vulnerable to these issues and fixes\nthese bugs. All running instances of Adobe Reader must be restarted for the\nupdate to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0037",
"url": "https://access.redhat.com/errata/RHSA-2010:0037"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/bulletins/apsb10-02.html",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"
},
{
"category": "external",
"summary": "472975",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=472975"
},
{
"category": "external",
"summary": "473217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=473217"
},
{
"category": "external",
"summary": "547799",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=547799"
},
{
"category": "external",
"summary": "554293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"category": "external",
"summary": "554296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0037.json"
}
],
"title": "Red Hat Security Advisory: acroread security and bug fix update",
"tracking": {
"current_release_date": "2024-11-14T10:47:38+00:00",
"generator": {
"date": "2024-11-14T10:47:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.0"
}
},
"id": "RHSA-2010:0037",
"initial_release_date": "2010-01-13T16:03:00+00:00",
"revision_history": [
{
"date": "2010-01-13T16:03:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-01-13T11:03:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T10:47:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "acroread-plugin-0:9.3-1.el5.i386",
"product": {
"name": "acroread-plugin-0:9.3-1.el5.i386",
"product_id": "acroread-plugin-0:9.3-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@9.3-1.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:9.3-1.el5.i386",
"product": {
"name": "acroread-0:9.3-1.el5.i386",
"product_id": "acroread-0:9.3-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@9.3-1.el5?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-0:9.3-1.el5.i386"
},
"product_reference": "acroread-0:9.3-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
},
"product_reference": "acroread-plugin-0:9.3-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-0:9.3-1.el5.i386"
},
"product_reference": "acroread-0:9.3-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
},
"product_reference": "acroread-plugin-0:9.3-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-3953",
"discovery_date": "2010-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "554293"
}
],
"notes": [
{
"category": "description",
"text": "The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration \"array boundary issue,\" a different vulnerability than CVE-2009-2994.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3953"
},
{
"category": "external",
"summary": "RHBZ#554293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3953",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3953"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-13T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0037"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-08T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-02)"
},
{
"cve": "CVE-2009-3954",
"discovery_date": "2010-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "554293"
}
],
"notes": [
{
"category": "description",
"text": "The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a \"DLL-loading vulnerability.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3954"
},
{
"category": "external",
"summary": "RHBZ#554293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3954",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3954"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3954",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3954"
}
],
"release_date": "2010-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-13T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0037"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-02)"
},
{
"cve": "CVE-2009-3955",
"discovery_date": "2010-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "554293"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3955"
},
{
"category": "external",
"summary": "RHBZ#554293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3955",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3955"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3955",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3955"
}
],
"release_date": "2010-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-13T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0037"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-02)"
},
{
"cve": "CVE-2009-3956",
"discovery_date": "2010-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "554296"
}
],
"notes": [
{
"category": "description",
"text": "The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a \"script injection vulnerability,\" as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: script injection vulnerability (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3956"
},
{
"category": "external",
"summary": "RHBZ#554296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554296"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3956",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3956"
}
],
"release_date": "2010-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-13T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0037"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "acroread: script injection vulnerability (APSB10-02)"
},
{
"cve": "CVE-2009-3959",
"discovery_date": "2010-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "554293"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3959"
},
{
"category": "external",
"summary": "RHBZ#554293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3959",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3959"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3959",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3959"
}
],
"release_date": "2010-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-13T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0037"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-02)"
},
{
"cve": "CVE-2009-4324",
"discovery_date": "2009-12-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "547799"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: media.newplayer JavaScript API code execution vulnerability (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4324"
},
{
"category": "external",
"summary": "RHBZ#547799",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=547799"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4324",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4324"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4324",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4324"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2009-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-13T16:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0037"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary:acroread-0:9.3-1.el5.i386",
"5Client-Supplementary:acroread-plugin-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-0:9.3-1.el5.i386",
"5Server-Supplementary:acroread-plugin-0:9.3-1.el5.i386"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-08T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: media.newplayer JavaScript API code execution vulnerability (APSB10-02)"
}
]
}
RHSA-2010_0038
Vulnerability from csaf_redhat - Published: 2010-01-13 16:08 - Updated: 2024-11-14 10:47Summary
Red Hat Security Advisory: acroread security update
Severity
Critical
Notes
Topic: Updated acroread packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 Extras.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details: Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).
This update fixes several vulnerabilities in Adobe Reader. These
vulnerabilities are summarized on the Adobe Security Advisory APSB10-02
page listed in the References section. A specially-crafted PDF file could
cause Adobe Reader to crash or, potentially, execute arbitrary code as the
user running Adobe Reader when opened. (CVE-2009-4324, CVE-2009-3953,
CVE-2009-3954, CVE-2009-3955, CVE-2009-3959, CVE-2009-3956)
Adobe have discontinued support for Adobe Reader 8 for Linux. All users of
Adobe Reader are advised to install these updated packages, which contain
Adobe Reader version 9.3, which is not vulnerable to these issues. All
running instances of Adobe Reader must be restarted for the update to take
effect.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 4AS-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Critical
The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability."
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 4AS-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 4AS-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.
4.3 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 4AS-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 4AS-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.
6.8 ()
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 4AS-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS-LACD:acroread-plugin-0:9.3-1.el4.i386 | — |
Vendor Fix
fix
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Critical
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated acroread packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 Extras.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nThis update fixes several vulnerabilities in Adobe Reader. These\nvulnerabilities are summarized on the Adobe Security Advisory APSB10-02\npage listed in the References section. A specially-crafted PDF file could\ncause Adobe Reader to crash or, potentially, execute arbitrary code as the\nuser running Adobe Reader when opened. (CVE-2009-4324, CVE-2009-3953,\nCVE-2009-3954, CVE-2009-3955, CVE-2009-3959, CVE-2009-3956)\n\nAdobe have discontinued support for Adobe Reader 8 for Linux. All users of\nAdobe Reader are advised to install these updated packages, which contain\nAdobe Reader version 9.3, which is not vulnerable to these issues. All\nrunning instances of Adobe Reader must be restarted for the update to take\neffect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0038",
"url": "https://access.redhat.com/errata/RHSA-2010:0038"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/bulletins/apsb10-02.html",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"
},
{
"category": "external",
"summary": "547799",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=547799"
},
{
"category": "external",
"summary": "554293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"category": "external",
"summary": "554296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0038.json"
}
],
"title": "Red Hat Security Advisory: acroread security update",
"tracking": {
"current_release_date": "2024-11-14T10:47:42+00:00",
"generator": {
"date": "2024-11-14T10:47:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.0"
}
},
"id": "RHSA-2010:0038",
"initial_release_date": "2010-01-13T16:08:00+00:00",
"revision_history": [
{
"date": "2010-01-13T16:08:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-01-13T11:08:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T10:47:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 4 Extras",
"product": {
"name": "Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "acroread-plugin-0:9.3-1.el4.i386",
"product": {
"name": "acroread-plugin-0:9.3-1.el4.i386",
"product_id": "acroread-plugin-0:9.3-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@9.3-1.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:9.3-1.el4.i386",
"product": {
"name": "acroread-0:9.3-1.el4.i386",
"product_id": "acroread-0:9.3-1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@9.3-1.el4?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-0:9.3-1.el4.i386"
},
"product_reference": "acroread-0:9.3-1.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-plugin-0:9.3-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3-1.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-0:9.3-1.el4.i386"
},
"product_reference": "acroread-0:9.3-1.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3-1.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3-1.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-0:9.3-1.el4.i386"
},
"product_reference": "acroread-0:9.3-1.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-plugin-0:9.3-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3-1.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:9.3-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-0:9.3-1.el4.i386"
},
"product_reference": "acroread-0:9.3-1.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:9.3-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
},
"product_reference": "acroread-plugin-0:9.3-1.el4.i386",
"relates_to_product_reference": "4WS-LACD"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-3953",
"discovery_date": "2010-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "554293"
}
],
"notes": [
{
"category": "description",
"text": "The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration \"array boundary issue,\" a different vulnerability than CVE-2009-2994.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3953"
},
{
"category": "external",
"summary": "RHBZ#554293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3953",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3953"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-13T16:08:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0038"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-08T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-02)"
},
{
"cve": "CVE-2009-3954",
"discovery_date": "2010-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "554293"
}
],
"notes": [
{
"category": "description",
"text": "The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a \"DLL-loading vulnerability.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3954"
},
{
"category": "external",
"summary": "RHBZ#554293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3954",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3954"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3954",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3954"
}
],
"release_date": "2010-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-13T16:08:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0038"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-02)"
},
{
"cve": "CVE-2009-3955",
"discovery_date": "2010-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "554293"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3955"
},
{
"category": "external",
"summary": "RHBZ#554293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3955",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3955"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3955",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3955"
}
],
"release_date": "2010-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-13T16:08:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0038"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-02)"
},
{
"cve": "CVE-2009-3956",
"discovery_date": "2010-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "554296"
}
],
"notes": [
{
"category": "description",
"text": "The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a \"script injection vulnerability,\" as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: script injection vulnerability (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3956"
},
{
"category": "external",
"summary": "RHBZ#554296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554296"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3956",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3956"
}
],
"release_date": "2010-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-13T16:08:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0038"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "acroread: script injection vulnerability (APSB10-02)"
},
{
"cve": "CVE-2009-3959",
"discovery_date": "2010-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "554293"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3959"
},
{
"category": "external",
"summary": "RHBZ#554293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3959",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3959"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3959",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3959"
}
],
"release_date": "2010-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-13T16:08:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0038"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-02)"
},
{
"cve": "CVE-2009-4324",
"discovery_date": "2009-12-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "547799"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: media.newplayer JavaScript API code execution vulnerability (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4324"
},
{
"category": "external",
"summary": "RHBZ#547799",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=547799"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4324",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4324"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4324",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4324"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2009-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-13T16:08:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0038"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-LACD:acroread-0:9.3-1.el4.i386",
"4AS-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-0:9.3-1.el4.i386",
"4Desktop-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4ES-LACD:acroread-0:9.3-1.el4.i386",
"4ES-LACD:acroread-plugin-0:9.3-1.el4.i386",
"4WS-LACD:acroread-0:9.3-1.el4.i386",
"4WS-LACD:acroread-plugin-0:9.3-1.el4.i386"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-08T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: media.newplayer JavaScript API code execution vulnerability (APSB10-02)"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…