PDF/Exploit.CVE-2009-3459.A
Vulnerability details
Advisory: SB2009100801 - Remote code execution in Adobe Acrobat and Adobe Reader
Vulnerable component: Adobe Reader
CVE-ID: CVE-2009-3459
CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C
CWE-ID: CWE-119 - Memory corruption
Description:
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow when processing a malformed PDF file. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Public Exploits:
- Adobe - FlateDecode Stream Predictor 02 Integer Overflow (Metasploit) (2) [Exploit-DB]
- Adobe - FlateDecode Stream Predictor 02 Integer Overflow (Metasploit) (1) [Exploit-DB]
External links:
http://www.adobe.com/support/security/bulletins/apsb09-15.html
https://isc.sans.edu/diary/New+Adobe+Vulnerability+Exploited+in+Targeted+Attacks/7300
http://www.enigmasoftware.com/adobe-reader-vulnerability-cve-2009-3459-allows-hackers-insert-backdoo...
https://vulners.com/metasploit/MSF:EXPLOIT/WINDOWS/BROWSER/ADOBE_FLATEDECODE_PREDICTOR02
http://temerc.com/forums/viewtopic.php?t=7821
http://www.rationallyparanoid.com/articles/emet-testing.html
https://media.blackhat.com/bh-eu-10/presentations/Li_Lovet/BlackHat-EU-2010-Li-Lovet-Adobe-Heap-slid...
https://blog.didierstevens.com/2009/10/13/update-pdfid-version-0-0-9-to-detect-another-adobe-0day/
http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-zero-day-exploit/
https://blog.fortinet.com/2009/10/19/on-the-recent-pdf-exploit