High severity · 8.8 · CISA KEV · NVD Advisory · Published Oct 13, 2009 · Updated Jun 16, 2026
CVE-2009-3459
Description
Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.
Affected products
- cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:* · range: >=7.0,<7.1.4
- cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:* · range: >=7.0,<7.1.4
- (no CPE) · range: <7.1.4, <8.1.7, <9.2
- Range: <7.1.4, <8.1.7, <9.2
References
- www.adobe.com/support/security/bulletins/apsb09-15.html · nvd · Patch · Vendor Advisory
- blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html · nvd · Broken Link · Vendor Advisory
- secunia.com/advisories/36983 · nvd · Vendor Advisory
- www.vupen.com/english/advisories/2009/2851 · nvd · Vendor Advisory
- www.vupen.com/english/advisories/2009/2898 · nvd · Vendor Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/53691 · nvd · Third Party Advisory · VDB Entry
- isc.sans.org/diary.html · nvd · Not Applicable
- securitytracker.com/id · nvd · Broken Link
- www.iss.net/threats/348.html · nvd · Broken Link
- www.securityfocus.com/bid/36600 · nvd · Broken Link
- www.us-cert.gov/cas/techalerts/TA09-286B.html · nvd · US Government Resource
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6534 · nvd · Broken Link
- www.cisa.gov/known-exploited-vulnerabilities-catalog · nvd · US Government Resource
News mentions
- Microsoft Warns of Two Actively Exploited Defender Vulnerabilities · The Hacker News · May 21, 2026
- Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days · SecurityWeek · May 21, 2026
- Adobe Reader/Acrobat CVE-2009-3459 Added to CISA KEV Under Active Exploitation · Vypr Intelligence · Oct 13, 2009
- CISA Adds Seven Known Exploited Vulnerabilities to Catalog · CISA Alerts