CVE-2009-3958 — HIGH (10.0)

Q: How severe is CVE-2009-3958?

CVE-2009-3958 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-3958?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Acrobat, Apple Mac Os X, Microsoft Windows, Adobe Acrobat Reader, Unix Unix.

Vulnerability Description

Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow remote attackers to execute arbitrary code via unspecified initialization parameters.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Adobe	Acrobat	<= 9.2
Apple	Mac Os X	All versions
Microsoft	Windows	All versions
Adobe	Acrobat Reader	<= 9.2
Unix	Unix	All versions

Related Weaknesses (CWE)

CWE-119

References

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
http://www.adobe.com/support/security/bulletins/apsb10-02.htmlPatchVendor Advisory
http://www.kb.cert.org/vuls/id/773545US Government Resource
http://www.securityfocus.com/bid/37759
http://www.securitytracker.com/id?1023446
http://www.us-cert.gov/cas/techalerts/TA10-013A.htmlUS Government Resource
http://www.vupen.com/english/advisories/2010/0103Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/55556
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
http://www.adobe.com/support/security/bulletins/apsb10-02.htmlPatchVendor Advisory
http://www.kb.cert.org/vuls/id/773545US Government Resource
http://www.securityfocus.com/bid/37759
http://www.securitytracker.com/id?1023446
http://www.us-cert.gov/cas/techalerts/TA10-013A.htmlUS Government Resource

FAQ

What is CVE-2009-3958?

CVE-2009-3958 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x befor...

How severe is CVE-2009-3958?

CVE-2009-3958 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-3958?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Acrobat, Apple Mac Os X, Microsoft Windows, Adobe Acrobat Reader, Unix Unix.