Vulnerability Description
Adobe Reader 8.x and 9.x on Windows is able to execute EXE files that are embedded in a PDF document, which makes it easier for remote attackers to trick users into executing arbitrary code via a crafted document.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Acrobat Reader | 8.0 |
| Microsoft | Windows | All versions |
Related Weaknesses (CWE)
References
- http://lists.immunitysec.com/pipermail/dailydave/2010-April/006072.html
- http://lists.immunitysec.com/pipermail/dailydave/2010-April/006074.html
- http://www.metasploit.com/redmine/projects/framework/repository/revisions/8379/c
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57994
- https://forum.immunityinc.com/board/thread/1199/exploiting-pdf-files-without-vul
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://lists.immunitysec.com/pipermail/dailydave/2010-April/006072.html
- http://lists.immunitysec.com/pipermail/dailydave/2010-April/006074.html
- http://www.metasploit.com/redmine/projects/framework/repository/revisions/8379/c
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57994
- https://forum.immunityinc.com/board/thread/1199/exploiting-pdf-files-without-vul
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2009-4764?
CVE-2009-4764 is a vulnerability with a CVSS score of 9.3 (HIGH). Adobe Reader 8.x and 9.x on Windows is able to execute EXE files that are embedded in a PDF document, which makes it easier for remote attackers to trick users into executing arbitrary code via a craf...
How severe is CVE-2009-4764?
CVE-2009-4764 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-4764?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Acrobat Reader, Microsoft Windows.