Published: 13/10/2009 Updated: 30/10/2018

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 940

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Heap-based buffer overflow in Adobe Reader and Acrobat 7.x prior to 7.1.4, 8.x prior to 8.1.7, and 9.x prior to 9.2 allows remote malicious users to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
adobe acrobat 5.0
adobe acrobat 5.0.10
adobe acrobat 6.0.4
adobe acrobat 6.0.5
adobe acrobat 7.0.7
adobe acrobat 7.0.8
adobe acrobat 7.0.9
adobe acrobat 9.0.0
adobe acrobat 9.1
adobe acrobat 8.1.6
adobe acrobat 4.0
adobe acrobat 4.0.5
adobe acrobat 6.0
adobe acrobat 6.0.1
adobe acrobat 7.0.2
adobe acrobat 7.0.3
adobe acrobat 8.1.1
adobe acrobat 8.1.2
adobe acrobat
adobe acrobat 7.0.4
adobe acrobat 4.0.5a
adobe acrobat 4.0.5c
adobe acrobat 6.0.2
adobe acrobat 6.0.3
adobe acrobat 7.0.5
adobe acrobat 7.0.6
adobe acrobat 8.1.3
adobe acrobat 9
adobe acrobat 7.1.3
adobe acrobat 8.1.4
adobe acrobat 3.0
adobe acrobat 3.1
adobe acrobat 5.0.5
adobe acrobat 5.0.6
adobe acrobat 7.0
adobe acrobat 7.0.1
adobe acrobat 8.0
adobe acrobat 8.1
adobe acrobat 9.1.1
adobe acrobat 9.1.2
adobe reader 5.0.10
adobe reader 4.0.5
adobe reader 4.0.5a
adobe reader 5.1
adobe reader 5.0.9
adobe reader 6.0.1
adobe reader 7.0.1
adobe reader 7.0.5
adobe reader 7.0.3
adobe reader 9.1.2
adobe reader 8.1.2
adobe reader 8.1.6
adobe reader 4.0.5c
adobe reader 4.5
adobe reader 5.0
adobe reader 5.0.7
adobe reader 5.0.6
adobe reader 7.0.2
adobe reader 7.1.0
adobe reader 8.1.1
adobe reader 9.1
adobe reader 5.0.11
adobe reader 6.0.5
adobe reader 6.0.4
adobe reader 7.1.1
adobe reader 7.0.9
adobe reader 9.0
adobe reader 8.1.4
adobe reader 3.0
adobe reader 4.0
adobe reader 5.0.5
adobe reader 6.0
adobe reader 6.0.3
adobe reader 6.0.2
adobe reader 7.0.8
adobe reader 7.0.7
adobe reader 7.1.3
adobe acrobat reader

## # $Id: adobe_flatedecode_predictor02rb 10477 2010-09-25 11:59:02Z mc $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/c ...

## # $Id: adobe_flatedecode_predictor02rb 10394 2010-09-20 08:06:27Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'ms ...

CWE-119 http://secunia.com/advisories/36983 http://isc.sans.org/diary.html?storyid=7300 http://www.vupen.com/english/advisories/2009/2851 http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.securityfocus.com/bid/36600 http://www.iss.net/threats/348.html http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html http://www.us-cert.gov/cas/techalerts/TA09-286B.html http://www.vupen.com/english/advisories/2009/2898 http://securitytracker.com/id?1023007 https://exchange.xforce.ibmcloud.com/vulnerabilities/53691 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6534 https://nvd.nist.gov https://www.exploit-db.com/exploits/16652/

CVE-2009-3459

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect