This application requires Javascript for optimal performance.

Adobe.Reader.Spell.CustomDictionaryOpen.Code.Execution

Release Date

May 04, 2009

Severity

critical

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Description

This indicates an attack attempt against a vulnerability in Adobe Reader and Acrobat.

This vulnerability is caused by a memory corruption error when the vulnerable software handles malicious data passed to the JavaScript method "customDictionaryOpen". It may allow a remote attacker to execute arbitrary code via sending a crafted PDF file.

Affected Products

Adobe Acrobat Reader 8.1.4
Adobe Acrobat Reader 9.1

Recommended Actions

Currently we are not aware of any patches supplied by the vendor for this issue.

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2009-1493

Reference/s

http://www.milw0rm.com/exploits/8570
http://www.frsirt.com/english/advisories/2009/1189 (FrSIRT)
http://www.securityfocus.com/bid/34740 (BugTraq)

Reference: VID-17415