CVE-2009-1493

Common Vulnerabilities and Exposures

CVE-2009-1493 at MITRE

Details

The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument.

Novell Bugzilla entry: 499097

SUSE Security Advisories:

SUSE-SA:2009:027 , published Wed, 20 May 2009 17:00:00 +0000
SUSE-SR:2009:011 , published Tue, 09 Jun 2009 12:00:00 +0000

Product(s)	Fixed package version(s)	References
SLES 11 DEBUGINFO	`acroread-debuginfo >= 8.1.5-0.1.1`	sle11-debuginfo. x86 sle11-debuginfo. x86-64 sle11-debuginfo. x86-64 sle11-debuginfo. x86 SAT Patch Nr: 899
SLED 11	`acroread >= 8.1.5-0.1.1`	sle11-debuginfo. x86 sle11-debuginfo. x86-64 sle11-debuginfo. x86-64 sle11-debuginfo. x86 SAT Patch Nr: 899
SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP2 for x86	`acroread_ja >= 8.1.5-1.3`	sled10-sp2. x86-64 sled10-sp2. x86 ZYPP Patch Nr: 6264
openSUSE 10.3 openSUSE 11.0	`acroread >= 8.1.5-0.1`	ZYPP Patch Nr: 6258 SAT Patch Nr: 893
openSUSE 11.1	`acroread >= 8.1.5-0.1.1`	ZYPP Patch Nr: 6258 SAT Patch Nr: 893
SLED 11	`acroread_ja >= 8.1.5-0.1.1`	sle11. x86 sle11. x86-64 SAT Patch Nr: 904
SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP2 for x86	`acroread >= 8.1.5-0.3`	sled10-sp2. x86-64 sled10-sp2. x86 ZYPP Patch Nr: 6260