Adobe.Acrobat.GetIcon.Method.Stack

Name	Adobe.Acrobat.GetIcon.Method.Stack.Overflow
Last Updated Date	May 19, 2009
Release Date	Apr 28, 2009
Severity	Critical
Impact	System Compromise: Remote attackers can gain control of vulnerable systems.
Description	This indicates an attack attempt against a buffer-overflow vulnerability in Adobe Reader and Adobe Acrobat. The vulnerability is caused by an error when the vulnerable software handles a malicious JavaScript. It allows a remote attacker to execute arbitrary code via sending a crafted pdf file.
Affected Products	Adobe Reader and Adobe Acrobat 9.1 and 7.1.1
Recommended Actions	Refer to the vendor's web site for the suggested workaround: http://www.adobe.com/support/security/bulletins/apsb09-04.html
Common Vulnerabilities and Exposures (CVE)	http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0927
Reference/s	http://www.securityfocus.com/bid/34169 (BugTraq) http://milw0rm.com/exploits/8595 http://milw0rm.org/exploits/9579 http://www.zerodayinitiative.com/advisories/ZDI-09-014/

Reference: VID-17342