CVE-2009-3459

CVSS 8.8 HIGH · EPSS 86.5% · KEV · CWE-122
In short

A flaw in Adobe Reader and Acrobat allows attackers to crash your application or run malicious code by sending you a specially crafted PDF file. This happens because the program doesn't properly check memory boundaries when processing the PDF.

Technical detail

Heap-based buffer overflow in Adobe Reader/Acrobat versions 7.x (before 7.1.4), 8.x (before 8.1.7), and 9.x (before 9.2), exploitable via malicious PDF files. Exploitation requires user interaction (opening a PDF); the overflow corrupts heap memory, enabling arbitrary code execution with the privileges of the affected application.

Summary generated and translated by AI from the official description.
Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
