HTTP: Adobe Acrobat JavaScript getIcon Method Buffer Overflow

This signature detects attempts to exploit a known vulnerability in the Adobe Acrobat. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the Server.

Extended Description

Adobe Acrobat and Reader are prone to a remote code-execution vulnerability because the software fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users. The issue affects the following: Reader and Acrobat 7.1 and prior Reader and Acrobat 8.1.2 and prior Reader and Acrobat 9 UPDATE (March 24, 2009): This BID was previously titled 'Adobe Acrobat and Reader Unspecified JavaScript Method Remote Code Execution Vulnerability', but has been updated to better document the issue.

Affected Products

Nortel_networks self-service_mps_1000,Adobe acrobat_professional

Short Name
HTTP:STC:ADOBE:ACROBAT-GETICON
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Acrobat Adobe Buffer CVE-2009-0927 JavaScript Method Overflow bid:34169 getIcon
Release Date
07/18/2011
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Sun

Adobe

Suse

Gentoo

Nortel_networks

CVSS Score

9.3

Found a potential security threat?