Fix Soon

CVE-2009-3459

Remote Code Execution in Adobe Reader and Acrobat

Summary

Adobe Reader and Acrobat are vulnerable to a heap-based buffer overflow in the PDF parsing and heap-management code that processes PDF files. An attacker can send or host a malicious PDF and rely on the victim to open it, which triggers memory corruption in the viewer. Successful exploitation executes attacker-controlled code in the context of the user running the PDF application. The issue was reported as exploited in the wild.

Why Fix Soon?

5/6
No authentication required
Internal deployment
User interaction unknown (assumed none)
Exploitable in default configuration
Active exploitation in the wild
High impact vulnerability

Exploitation Details

Type: RCE (Remote Code Execution)
Is exploitable with default configuration? Yes
Is authentication needed? No
PoC / Exploit: No
Impact

Execute arbitrary code as the victim user

RCE (Remote Code Execution)
Exploitation Requirements

None — vulnerable in default configuration

Exploitation Process

An attacker builds a malformed PDF that abuses Reader/Acrobat while the document is being parsed and rendered. The PDF is then delivered through email, a link, or a web page, and the victim opens it in Adobe Reader or Acrobat. During parsing, the crafted content corrupts heap state and redirects execution to attacker-controlled code, allowing the payload to run on the endpoint.

Detection Resources

Manual Detection: 0
Script Detection: 0
Scanner Detection: 1

Affected Software

Vendor: Adobe

Product: Affected Versions
Adobe Reader: 7.x before 7.1.4, 8.x before 8.1.7, 9.x before 9.2
Adobe Acrobat: 7.x before 7.1.4, 8.x before 8.1.7, 9.x before 9.2

Description

Software for viewing, creating, and editing PDF documents.

Deployment: Typically internal | Protocol: HTTP/HTTPS | Ports: 80, 443

Affected Component: PDF parsing and custom heap management while processing crafted PDF content.

Vendor Size: Big

Remediation
Workaround

Not available

Patch

Not available

Update

Upgrade Adobe Reader or Acrobat to 9.2, 8.1.7, or 7.1.4 or later.

www.adobe.com
Threat Intelligence
EPSS Score: 87.0%

Probability of exploitation in the next 30 days

EPSS Percentile: 99%

Worse than 99% of all CVEs

CISA KEV: Listed
Active Exploitation: Active
nvd.nist.gov
Threat Actors

No known threat actors

Detection Rules

No detection rules available

NVD Data


Description Summary

Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.

CVSS Base Score

9.3
Critical

CVSS Vector (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Version From: | Version Upto: 9.1.3, 9.0

Affected Software (CPE) (78)

  • cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:4.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:4.0.5a:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:4.0.5c:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:5.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:5.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:5.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:6.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:6.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:6.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:6.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:7.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:7.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:7.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:7.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:7.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:7.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:7.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:7.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:7.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:9:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:9.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:4.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:4.0.5a:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:4.0.5c:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:5.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:5.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:5.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:5.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:5.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:5.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:6.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:6.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:6.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:6.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:7.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:7.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:7.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:7.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:7.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:7.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:7.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:7.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:7.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:8.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:8.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:8.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:reader:9.1.2:*:*:*:*:*:*:*

Priority History

Fix Soon

Initial analysis