Launchpad CVE tracker

CVE 2009-1492

The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments.

Related bugs and status

CVE-2009-1492 (Candidate) is related to these bugs:

Bug #370730: APSA09-02: Buffer overflow issues in Adobe Reader

Summary				In	Importance	Status
	370730	APSA09-02: Buffer overflow issues in Adobe Reader		Ubuntu Japanese Kaizen Project	Medium	Fix Released

Bug #371954: remote code execution vuln in adobe reader - disable javascript by default

Summary				In	Importance	Status
	371954	remote code execution vuln in adobe reader - disable javascript by default		acroread (Ubuntu)	High	Fix Released

Bug #375452: adobereader-jpn が $http_proxy を無視する

Summary				In	Importance	Status
	375452	adobereader-jpn が $http_proxy を無視する		Ubuntu Japanese Kaizen Project	Medium	Fix Released

Bug #384168: Please update Adobe Reader to either version 8.1.6 or 9.1.3

Summary				In	Importance	Status
	384168	Please update Adobe Reader to either version 8.1.6 or 9.1.3		The Dell Mini Project	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2009-1492

References