CVE-2009-0927
Published: 19 March 2009
Summary
CVE-2009-0927 is a high-severity stack-based buffer overflow (CWE-121, classed under Improper Input Validation, CWE-20) in Adobe Reader and Adobe Acrobat. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 0.1% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
The vulnerability is a stack-based buffer overflow, identified as CWE-121 and related to improper input validation under CWE-20, that affects Adobe Reader and Adobe Acrobat versions 9 before 9.1, 8 before 8.1.3, and 7 before 7.1.1. It is triggered by a crafted argument supplied to the getIcon method of a Collab object and is distinct from CVE-2009-0658. The issue carries a CVSS 3.1 base score of 8.8, reflecting a network-reachable attack vector that needs no privileges but does need user interaction, with high impact on confidentiality, integrity, and availability.
Remote attackers can exploit the flaw to execute arbitrary code in the context of the Reader or Acrobat process, that is, with the privileges of the user who opened the document. Exploitation requires user interaction, typically opening a malicious PDF; once the crafted argument reaches the vulnerable getIcon handler, the overflow gives the attacker control of the affected process without prior authentication or elevated privileges.
Security advisories from openSUSE and Secunia reference vendor updates that address the vulnerability by upgrading Adobe Reader and Acrobat to the fixed versions listed in the CVE description (9.1, 8.1.3, 7.1.1). These sources also note the availability of corresponding packages for affected distributions and installations.
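As an added triage example (not code from the original page, from Adobe, or from the cited advisories), the following Python script looks for the trigger shape described above: it pulls JavaScript streams out of a PDF (raw or FlateDecode), locates Collab.getIcon calls, and flags those whose argument is an oversized literal or is assembled at runtime. The 64-byte literal threshold, the "builder" patterns, and the three sample PDFs are constructed assumptions for the demonstration, not signatures taken from the CVE or any advisory.

```python
"""Heuristic triage of PDFs for Collab.getIcon() calls (CVE-2009-0927).

Added example, not code from the original page or from Adobe. The trigger
(a crafted argument to Collab.getIcon) comes from the CVE text; the 64-byte
literal threshold, the builder patterns and the sample PDFs below are
constructed assumptions for this demonstration.
"""
import re
import zlib

# Stream header: dictionary followed by the 'stream' keyword. The tempered dot
# keeps the dictionary match from running across an 'endobj' boundary.
STREAM_HDR_RE = re.compile(rb"<<((?:(?!endobj).)*?)>>\s*stream\r?\n", re.S)
# Direct /Length only; '/Length 5 0 R' (indirect) is deliberately not matched.
LENGTH_RE = re.compile(rb"/Length\s+(\d+)(?!\s+\d+\s+R)")
# The call site of interest; the argument is extracted by paren matching below.
CALL_RE = re.compile(rb"Collab\s*\.\s*getIcon\s*\(")
# One JavaScript string literal, double- or single-quoted, with escapes.
STRLIT_RE = re.compile(rb'"((?:[^"\\]|\\.)*)"' + rb"|'((?:[^'\\]|\\.)*)'")
# Code shapes that grow a string at runtime (assumed payload-builder idioms).
BUILDER_RE = re.compile(rb"unescape\s*\(|\.join\s*\(|\+=|while\s*\(|for\s*\(")
ARG_LEN_THRESHOLD = 64  # assumption: legitimate icon names are short


def iter_js_streams(pdf: bytes):
    """Yield decoded stream bodies; FlateDecode streams are inflated first."""
    for m in STREAM_HDR_RE.finditer(pdf):
        dict_body, start = m.group(1), m.end()
        lm = LENGTH_RE.search(dict_body)
        if lm:
            data = pdf[start:start + int(lm.group(1))]
        else:  # no direct /Length: fall back to the endstream marker
            end = pdf.find(b"endstream", start)
            data = pdf[start:end if end >= 0 else len(pdf)].rstrip(b"\r\n")
        if b"/FlateDecode" in dict_body:
            try:
                data = zlib.decompress(data)
            except zlib.error:
                continue  # corrupt or unsupported stream: skip, do not crash
        yield data


def _balanced_arg(js: bytes, start: int) -> bytes:
    """Text between the '(' just before `start` and its matching ')'.

    Parentheses inside string literals are not special-cased: good enough
    for triage, not a JavaScript parser.
    """
    depth, i = 1, start
    while i < len(js) and depth:
        if js[i:i + 1] == b"(":
            depth += 1
        elif js[i:i + 1] == b")":
            depth -= 1
        i += 1
    return js[start:i - 1] if depth == 0 else js[start:]


def classify_call(js: bytes, arg: bytes) -> dict:
    """Classify one getIcon argument as benign, suspicious or review."""
    arg = arg.strip()
    if STRLIT_RE.fullmatch(arg):  # a single literal: judge by its length
        length = sum(len(a or b) for a, b in STRLIT_RE.findall(arg))
        verdict = "suspicious" if length > ARG_LEN_THRESHOLD else "benign"
        return {"verdict": verdict, "literal_bytes": length, "runtime_built": False}
    # Expression or variable: look for string-building code in the same script.
    built = BUILDER_RE.search(js) is not None
    return {"verdict": "suspicious" if built else "review",
            "literal_bytes": 0, "runtime_built": built}


def scan_pdf(pdf: bytes) -> list:
    """One finding per Collab.getIcon call found in the PDF's scripts."""
    findings = []
    for js in iter_js_streams(pdf):
        for m in CALL_RE.finditer(js):
            arg = _balanced_arg(js, m.end())
            finding = classify_call(js, arg)
            finding["arg"] = arg[:40]  # short excerpt for the analyst
            findings.append(finding)
    return findings


def sample_pdf(js: bytes, compress: bool) -> bytes:
    """Constructed minimal PDF that runs `js` as an OpenAction (test data)."""
    data = zlib.compress(js) if compress else js
    filt = b" /Filter /FlateDecode" if compress else b""
    return (b"%PDF-1.4\n"
            b"1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /Type /Action /S /JavaScript /JS 3 0 R >>\nendobj\n"
            b"3 0 obj\n<< /Length " + str(len(data)).encode() + filt + b" >>\n"
            b"stream\n" + data + b"\nendstream\nendobj\n%%EOF\n")


# Constructed samples: a normal call and two shaped like the CVE's trigger.
BENIGN_JS = b'Collab.getIcon("company_logo");'
LONG_LITERAL_JS = b'Collab.getIcon("' + b"A" * 4096 + b'");'
RUNTIME_BUILT_JS = (b'var buf = unescape("%u4141%u4141");\n'
                    b'while (buf.length < 0x10000) buf += buf;\n'
                    b'Collab.getIcon(buf);')

if __name__ == "__main__":
    for name, js, comp in [("benign", BENIGN_JS, False),
                           ("long-literal", LONG_LITERAL_JS, True),
                           ("runtime-built", RUNTIME_BUILT_JS, True)]:
        print(name, scan_pdf(sample_pdf(js, comp)))
```

Treat the verdicts as a triage aid, not a verdict on exploitability: obfuscated scripts (for example `Collab["getIcon"]`, or a method name assembled with `eval` or `String.fromCharCode`) evade the regex, object streams (/ObjStm) and filters other than FlateDecode are not decoded, and a "review" result only means the argument is not a plain literal. Anything flagged on a host running an affected build should be opened only in a sandbox.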
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2009-0924
Vulnerability details
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3, and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.
- CWE(s): CWE-121 (Stack-based Buffer Overflow), CWE-20 (Improper Input Validation)
- KEV Date Added: 25 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3, and 7 before 7.1.1.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Requires validation of all inputs, including arguments passed to PDF JavaScript methods, so that the crafted getIcon data that triggers the stack buffer overflow is rejected before it reaches the vulnerable code.
- SI-16 (Memory Protection): Applies memory protections such as DEP and ASLR that raise the cost of turning the stack-based buffer overflow (CWE-121) into arbitrary code execution; they do not remove the flaw, so they complement rather than replace patching.
- SI-2 (Flaw Remediation): Mandates prompt installation of the vendor patches that eliminate the vulnerable Collab.getIcon handling, that is, upgrading to Adobe Reader/Acrobat 9.1, 8.1.3 or 7.1.1 as listed in the CVE.
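The patch control above reduces, for an asset owner, to comparing each installed build against the first fixed version of its branch. The Python below is an added example, not part of the original page or of any Adobe tooling: the fixed versions (9.1, 8.1.3, 7.1.1) and affected product names come from the CVE text, while the inventory records, host names and the "unknown version" handling are constructed assumptions.

```python
"""Patch-state check for CVE-2009-0927 against an asset inventory.

Added example, not code from the original page or from Adobe. Fixed versions
are the ones named in the CVE; the inventory rows below are constructed data.
"""
from typing import List, Optional, Tuple

# First fixed build per affected major branch, from the CVE description.
FIXED_BY_BRANCH = {9: (9, 1), 8: (8, 1, 3), 7: (7, 1, 1)}
# Product strings as they appear in our (assumed) inventory export.
AFFECTED_PRODUCTS = ("adobe reader", "adobe acrobat")


def parse_version(text: str) -> Tuple[int, ...]:
    """'9.0.0' -> (9, 0, 0); parsing stops at the first non-numeric part."""
    parts: List[int] = []
    for p in text.strip().split("."):
        if not p.isdigit():
            break
        parts.append(int(p))
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(parts)


def _pad(v: Tuple[int, ...], n: int) -> Tuple[int, ...]:
    """Right-pad with zeros so '9' and '9.0.0' compare as equal."""
    return v + (0,) * (n - len(v))


def is_vulnerable(version: str) -> bool:
    """True if `version` falls inside one of the CVE's affected ranges.

    Branches the CVE does not name (6.x, 10.x and later) return False: the
    CVE lists only 9.x, 8.x and 7.x, so no claim is made about the others.
    """
    v = parse_version(version)
    fixed = FIXED_BY_BRANCH.get(v[0])
    if fixed is None:
        return False
    n = max(len(v), len(fixed))
    return _pad(v, n) < _pad(fixed, n)


def hosts_needing_patch(inventory) -> List[Tuple[str, str, str, Optional[tuple]]]:
    """Filter (host, product, version) rows to those still exposed.

    Each returned row carries the target fixed version, or None when the
    installed version could not be parsed and needs manual review.
    """
    exposed = []
    for host, product, version in inventory:
        if product.lower() not in AFFECTED_PRODUCTS:
            continue
        try:
            if is_vulnerable(version):
                target = FIXED_BY_BRANCH[parse_version(version)[0]]
                exposed.append((host, product, version, target))
        except ValueError:
            exposed.append((host, product, version, None))
    return exposed


# Constructed sample inventory covering the boundary cases.
SAMPLE_INVENTORY = [
    ("ws-101", "Adobe Reader", "9.0.0"),    # affected, target 9.1
    ("ws-102", "Adobe Reader", "9.1.0"),    # fixed
    ("ws-103", "Adobe Acrobat", "8.1.2"),   # affected, target 8.1.3
    ("ws-104", "Adobe Acrobat", "8.1.3"),   # fixed
    ("ws-105", "Adobe Reader", "7.1.0"),    # affected, target 7.1.1
    ("ws-106", "Adobe Reader", "11.0.10"),  # branch not named in the CVE
    ("ws-107", "Foxit Reader", "3.0"),      # different product, ignored
    ("ws-108", "Adobe Reader", "unknown"),  # unparseable, flagged for review
]

if __name__ == "__main__":
    for row in hosts_needing_patch(SAMPLE_INVENTORY):
        print(row)
```

Two design choices worth noting: the version tuple is zero-padded before comparison so that "9" and "9.0.0" sort the same (a plain string compare would also rank "8.10" below "8.1.3"), and a version that fails to parse is returned as a row rather than silently dropped, since a host whose Reader build is unknown is not evidence that it is patched.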