返回 CVE 浏览器

CVE-2009-3459

Known Exploited (CISA KEV)HIGH

8.8

CVSS Severity Score

EPSS Score72.1630%

EPSS Percentile95.75th

Published2009年10月13日

Last Modified2026年5月21日

Vulnerability Description

Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.

Affected Platforms (CPE)

📦

Adobe

Acrobat

>= 7.0 and < 7.1.4

📦

Adobe

Acrobat

>= 8.0 and < 8.1.7

📦

Adobe

Acrobat

>= 9.0 and < 9.2

📦

Adobe

Acrobat Reader

>= 7.0 and < 7.1.4

📦

Adobe

Acrobat Reader

>= 8.0 and < 8.1.7

📦

Adobe

Acrobat Reader

>= 9.0 and < 9.2

References & Advisories

🔗 http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html

🔗 http://isc.sans.org/diary.html?storyid=7300

🔗 http://secunia.com/advisories/36983

🔗 http://securitytracker.com/id?1023007

🔗 http://www.adobe.com/support/security/bulletins/apsb09-15.html

🔗 http://www.iss.net/threats/348.html

🔗 http://www.securityfocus.com/bid/36600

🔗 http://www.us-cert.gov/cas/techalerts/TA09-286B.html

相关漏洞威胁

CVE-2004-063110.0

Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions...

CVE-2004-115210.0

Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader 5.09 for Unix allows remote attackers to execute arbitrary c...

CVE-2004-063010.0

The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those bef...

CVE-2004-115310.0

Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (appl...