High severity8.8CISA KEVNVD Advisory· Published Oct 13, 2009· Updated May 20, 2026

CVE-2009-3459

Description

Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.

Affected products

Adobe Inc./Acrobat40 versions
cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*+ 39 more
- cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*range: <=9.1.3
- cpe:2.3:a:adobe:acrobat:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:4.0.5a:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:4.0.5c:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:5.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:6.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:6.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:6.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*
Adobe Inc./Acrobat Reader
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
Range: <=9.0
Adobe Inc./Reader37 versions
cpe:2.3:a:adobe:reader:3.0:*:*:*:*:*:*:*+ 36 more
- cpe:2.3:a:adobe:reader:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:4.0.5a:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:4.0.5c:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:5.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:5.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:5.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:6.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:6.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:6.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:7.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:7.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:7.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:7.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:7.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:7.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:8.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:8.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:8.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:8.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:reader:9.1.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.adobe.com/support/security/bulletins/apsb09-15.htmlnvdPatchVendor Advisory
blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.htmlnvdVendor Advisory
secunia.com/advisories/36983nvdVendor Advisory
www.vupen.com/english/advisories/2009/2851nvdVendor Advisory
www.vupen.com/english/advisories/2009/2898nvdVendor Advisory
www.us-cert.gov/cas/techalerts/TA09-286B.htmlnvdUS Government Resource
isc.sans.org/diary.htmlnvd
securitytracker.com/idnvd
www.iss.net/threats/348.htmlnvd
www.securityfocus.com/bid/36600nvd
exchange.xforce.ibmcloud.com/vulnerabilities/53691nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6534nvd
www.cisa.gov/known-exploited-vulnerabilities-catalognvd

News mentions

CISA Adds Seven Known Exploited Vulnerabilities to Catalog
CISA Alerts

cvss	0.572
epss	0.070
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000