CyberSec.Space Logo
Back to CVE Browser

CVE-2009-3459

Known Exploited (CISA KEV)HIGH
8.8
CVSS Severity Score
EPSS Score72.1630%
EPSS Percentile95.75th
PublishedOct 13, 2009
Last ModifiedMay 21, 2026

Vulnerability Description

Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.

Affected Platforms (CPE)

πŸ“¦
Adobe

Acrobat

>= 7.0 and < 7.1.4
πŸ“¦
Adobe

Acrobat

>= 8.0 and < 8.1.7
πŸ“¦
Adobe

Acrobat

>= 9.0 and < 9.2
πŸ“¦
Adobe

Acrobat Reader

>= 7.0 and < 7.1.4
πŸ“¦
Adobe

Acrobat Reader

>= 8.0 and < 8.1.7
πŸ“¦
Adobe

Acrobat Reader

>= 9.0 and < 9.2

References & Advisories

πŸ”— http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html
πŸ”— http://isc.sans.org/diary.html?storyid=7300
πŸ”— http://secunia.com/advisories/36983
πŸ”— http://securitytracker.com/id?1023007
πŸ”— http://www.adobe.com/support/security/bulletins/apsb09-15.html
πŸ”— http://www.iss.net/threats/348.html
πŸ”— http://www.securityfocus.com/bid/36600
πŸ”— http://www.us-cert.gov/cas/techalerts/TA09-286B.html

Related Vulnerabilities

CVE-2004-063110.0

Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions...

CVE-2004-115210.0

Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader 5.09 for Unix allows remote attackers to execute arbitrary c...

CVE-2004-063010.0

The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those bef...

CVE-2004-115310.0

Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (appl...