Vulnerability Description
Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 do not properly perform XMP-XML entity expansion, which allows remote attackers to cause a denial of service via a crafted document.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Acrobat | <= 9.1.3 |
| Adobe | Acrobat Reader | <= 9.1.3 |
References
- http://securitytracker.com/id?1023007
- http://www.adobe.com/support/security/bulletins/apsb09-15.htmlPatchVendor Advisory
- http://www.securityfocus.com/bid/36638
- http://www.us-cert.gov/cas/techalerts/TA09-286B.htmlPatchUS Government Resource
- http://www.vupen.com/english/advisories/2009/2898PatchVendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://securitytracker.com/id?1023007
- http://www.adobe.com/support/security/bulletins/apsb09-15.htmlPatchVendor Advisory
- http://www.securityfocus.com/bid/36638
- http://www.us-cert.gov/cas/techalerts/TA09-286B.htmlPatchUS Government Resource
- http://www.vupen.com/english/advisories/2009/2898PatchVendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2009-2979?
CVE-2009-2979 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 do not properly perform XMP-XML entity expansion, which allows remote attackers to cause a denial of service v...
How severe is CVE-2009-2979?
CVE-2009-2979 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2979?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Acrobat, Adobe Acrobat Reader.