CVSSv2: 9.3

CVE-2009-3459

Published: 13/10/2009 Updated: 30/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 1000
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Heap-based buffer overflow in Adobe Reader and Acrobat 7.x prior to 7.1.4, 8.x prior to 8.1.7, and 9.x prior to 9.2 allows remote malicious users to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third-party information.

Exploits

    ##
    # $Id: adobe_flatedecode_predictor02.rb 10477 2010-09-25 11:59:02Z mc $
    ##

    ##
    # This file is part of the Metasploit Framework and may be subject to
    # redistribution and commercial restrictions. Please see the Metasploit
    # Framework web site for more information on licensing and terms of use.
    # metasploit.com/framework/
    ##

    require 'msf/c ...

    ##
    # $Id: adobe_flatedecode_predictor02.rb 10394 2010-09-20 08:06:27Z jduck $
    ##

    ##
    # This file is part of the Metasploit Framework and may be subject to
    # redistribution and commercial restrictions. Please see the Metasploit
    # Framework web site for more information on licensing and terms of use.
    # metasploit.com/framework/
    ##

    require 'ms ...

Metasploit Modules

Adobe FlateDecode Stream Predictor 02 Integer Overflow

This module exploits an integer overflow vulnerability in Adobe Reader and Adobe Acrobat Professional versions before 9.2.

    msf > use exploit/windows/fileformat/adobe_flatedecode_predictor02
    msf exploit(adobe_flatedecode_predictor02) > show targets
        ...targets...
    msf exploit(adobe_flatedecode_predictor02) > set TARGET <target-id>
    msf exploit(adobe_flatedecode_predictor02) > show options
        ...show and set options...
    msf exploit(adobe_flatedecode_predictor02) > exploit

Adobe FlateDecode Stream Predictor 02 Integer Overflow

This module exploits an integer overflow vulnerability in Adobe Reader and Adobe Acrobat Professional versions before 9.2.

    msf > use exploit/windows/browser/adobe_flatedecode_predictor02
    msf exploit(adobe_flatedecode_predictor02) > show targets
        ...targets...
    msf exploit(adobe_flatedecode_predictor02) > set TARGET <target-id>
    msf exploit(adobe_flatedecode_predictor02) > show options
        ...show and set options...
    msf exploit(adobe_flatedecode_predictor02) > exploit