PT-2009-5725 · Adobe · Acrobat+1
Published
2009-09-25
·
Updated
2017-09-19
·
CVE-2009-3431
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Adobe Reader and Acrobat versions 9.1.3 through 9.1.1 and earlier 9.x versions
Adobe Reader and Acrobat versions 8.1.6 and earlier 8.x versions
Adobe Reader and Acrobat versions 7.1.4 and earlier 7.x versions
Description
A stack consumption issue allows remote attackers to cause a denial of service, resulting in an application crash, via a PDF file containing a large number of
( open square bracket characters in the argument to the alert method.Recommendations
For Adobe Reader and Acrobat versions 9.1.3 through 9.1.1 and earlier 9.x versions: update to a version that is not affected by this issue.
For Adobe Reader and Acrobat versions 8.1.6 and earlier 8.x versions: update to a version that is not affected by this issue.
For Adobe Reader and Acrobat versions 7.1.4 and earlier 7.x versions: update to a version that is not affected by this issue.
As a temporary workaround, consider avoiding the use of PDF files with a large number of
( open square bracket characters in the argument to the alert method until a patch is available.Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Acrobat
Reader