CVE-2009-1492

Common Vulnerabilities and Exposures

CVE-2009-1492 at MITRE

Details

The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments.

Novell Bugzilla entry: 499097

SUSE Security Advisories:

SUSE-SA:2009:027 , published Wed, 20 May 2009 17:00:00 +0000
SUSE-SR:2009:011 , published Tue, 09 Jun 2009 12:00:00 +0000

Product(s)	Fixed package version(s)	References
SLES 11 DEBUGINFO	`acroread-debuginfo >= 8.1.5-0.1.1`	sle11-debuginfo. x86 sle11-debuginfo. x86-64 sle11-debuginfo. x86-64 sle11-debuginfo. x86 SAT Patch Nr: 899
SLED 11	`acroread >= 8.1.5-0.1.1`	sle11-debuginfo. x86 sle11-debuginfo. x86-64 sle11-debuginfo. x86-64 sle11-debuginfo. x86 SAT Patch Nr: 899
SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP2 for x86	`acroread_ja >= 8.1.5-1.3`	sled10-sp2. x86-64 sled10-sp2. x86 ZYPP Patch Nr: 6264
openSUSE 10.3 openSUSE 11.0	`acroread >= 8.1.5-0.1`	ZYPP Patch Nr: 6258 SAT Patch Nr: 893
openSUSE 11.1	`acroread >= 8.1.5-0.1.1`	ZYPP Patch Nr: 6258 SAT Patch Nr: 893
SLED 11	`acroread_ja >= 8.1.5-0.1.1`	sle11. x86 sle11. x86-64 SAT Patch Nr: 904
SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP2 for x86	`acroread >= 8.1.5-0.3`	sled10-sp2. x86-64 sled10-sp2. x86 ZYPP Patch Nr: 6260