9.3

CVE-2009-3459

Warnung
Medienbericht
Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeAcrobat Version >= 7.0 < 7.1.4
AdobeAcrobat Version >= 8.0 < 8.1.7
AdobeAcrobat Version >= 9.0 < 9.2
AdobeAcrobat Reader Version >= 7.0 < 7.1.4
AdobeAcrobat Reader Version >= 8.0 < 8.1.7
AdobeAcrobat Reader Version >= 9.0 < 9.2

20.05.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog

Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability

Schwachstelle

Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability which could allow remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 86.47% 0.997
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
21.05.2026 14:09
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
21.05.2026 08:24
http://securitytracker.com/id?1023007
Broken Link
http://www.adobe.com/support/security/bulletins/apsb09-15.html
Patch
Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA09-286B.html
US Government Resource
http://www.vupen.com/english/advisories/2009/2898
Vendor Advisory
http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html
Vendor Advisory
Broken Link
http://isc.sans.org/diary.html?storyid=7300
Not Applicable
http://secunia.com/advisories/36983
Vendor Advisory
http://www.iss.net/threats/348.html
Broken Link
http://www.securityfocus.com/bid/36600
Broken Link
http://www.vupen.com/english/advisories/2009/2851
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/53691
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6534
Broken Link
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-3459
US Government Resource