Adobe Reader Javascript API getAnnots method vulnerability

Added: 05/29/2009
CVE: CVE-2009-1492
BID: 34736
OSVDB: 54130

Background

Adobe Reader is free software for viewing PDF documents.

Problem

A vulnerability in the Javascript API allows command execution when a user opens a PDF file which calls the getAnnots method with specially crafted arguments.

Resolution

Apply one of the patches referenced in APSB09-06.

References

http://www.kb.cert.org/vuls/id/970180

Limitations

Exploit works on Adobe Reader 8.1.3 and 9.1 and requires a user to open the exploit file in Adobe Reader.

Due to the nature of the vulnerability, the success of the exploit depends on the state of the target system's memory.

Platforms

Linux

Back to exploit index