CVE-2009-3459

KEV
Published: Ott 13, 2009 Last Modified: Apr 23, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 9,3
Source: [email protected]
Access Vector: network
Access Complexity: medium
Authentication: none
Confidentiality: complete
Integrity: complete
Availability: complete

Description

AI Translation Available

Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,8836
Percentile
1,0th
Updated

EPSS Score Trend (Last 75 Days)

119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Stable
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability
Potential Impacts:
Execute Unauthorized Code Or Commands Modify Memory Read Memory Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory)
Applicable Platforms
Languages: Assembly, C, C++, Memory-Unsafe
Likelihood of Exploit: High
View CWE Details
Exploit

Adobe - FlateDecode Stream Predictor 02 Integer Overflow …

Verified Metasploit Framework (MSF)

Adobe - FlateDecode Stream Predictor 02 Integer Overflow (Metasploit) (1)

Author: Metasploit Published: Status: Verified
View Exploit Code →
Exploit

Adobe - FlateDecode Stream Predictor 02 Integer Overflow …

Verified Metasploit Framework (MSF)

Adobe - FlateDecode Stream Predictor 02 Integer Overflow (Metasploit) (2)

Author: Metasploit Published: Status: Verified
View Exploit Code →
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 7.0.8
cpe:2.3:a:adobe:acrobat:7.0.8:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 7.1.1
cpe:2.3:a:adobe:reader:7.1.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 4.0.5c
cpe:2.3:a:adobe:acrobat:4.0.5c:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 9.0
cpe:2.3:a:adobe:reader:9.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 7.0.8
cpe:2.3:a:adobe:reader:7.0.8:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 7.1.0
cpe:2.3:a:adobe:reader:7.1.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 6.0
cpe:2.3:a:adobe:acrobat:6.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 8.1.6
cpe:2.3:a:adobe:reader:8.1.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 7.0.3
cpe:2.3:a:adobe:acrobat:7.0.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 7.1.3
cpe:2.3:a:adobe:reader:7.1.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 5.0
cpe:2.3:a:adobe:acrobat:5.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 7.1.3
cpe:2.3:a:adobe:acrobat:7.1.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 8.1.2
cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 8.0
cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 5.0.11
cpe:2.3:a:adobe:reader:5.0.11:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 7.0.5
cpe:2.3:a:adobe:acrobat:7.0.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 6.0
cpe:2.3:a:adobe:reader:6.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 9
cpe:2.3:a:adobe:acrobat:9:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 7.0.4
cpe:2.3:a:adobe:acrobat:7.0.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 6.0.4
cpe:2.3:a:adobe:reader:6.0.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 9.1.2
cpe:2.3:a:adobe:reader:9.1.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 6.0.3
cpe:2.3:a:adobe:acrobat:6.0.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 3.0
cpe:2.3:a:adobe:acrobat:3.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 6.0.3
cpe:2.3:a:adobe:reader:6.0.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 4.0
cpe:2.3:a:adobe:acrobat:4.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 9.1.1
cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 6.0.1
cpe:2.3:a:adobe:acrobat:6.0.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 6.0.2
cpe:2.3:a:adobe:reader:6.0.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 6.0.1
cpe:2.3:a:adobe:reader:6.0.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 4.0
cpe:2.3:a:adobe:reader:4.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 4.0.5a
cpe:2.3:a:adobe:reader:4.0.5a:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 9.0.0
cpe:2.3:a:adobe:acrobat:9.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 8.1.4
cpe:2.3:a:adobe:reader:8.1.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 7.0.6
cpe:2.3:a:adobe:acrobat:7.0.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 7.0.9
cpe:2.3:a:adobe:reader:7.0.9:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 8.1.2
cpe:2.3:a:adobe:reader:8.1.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 4.0.5
cpe:2.3:a:adobe:reader:4.0.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 5.0.5
cpe:2.3:a:adobe:reader:5.0.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 8.1
cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 7.0.9
cpe:2.3:a:adobe:acrobat:7.0.9:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 6.0.5
cpe:2.3:a:adobe:reader:6.0.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 6.0.4
cpe:2.3:a:adobe:acrobat:6.0.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 7.0.1
cpe:2.3:a:adobe:reader:7.0.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 5.0
cpe:2.3:a:adobe:reader:5.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat Reader by Adobe

Product Information
Vendor Adobe
Product Acrobat Reader
Version Range Affected
To 9.0 (inclusive)
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version Range Affected
To 9.1.3 (inclusive)
cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 9.1.2
cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 6.0.5
cpe:2.3:a:adobe:acrobat:6.0.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 5.0.6
cpe:2.3:a:adobe:reader:5.0.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 7.0.7
cpe:2.3:a:adobe:acrobat:7.0.7:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 8.1.1
cpe:2.3:a:adobe:reader:8.1.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 4.0.5a
cpe:2.3:a:adobe:acrobat:4.0.5a:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 4.5
cpe:2.3:a:adobe:reader:4.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 4.0.5
cpe:2.3:a:adobe:acrobat:4.0.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 5.0.5
cpe:2.3:a:adobe:acrobat:5.0.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 7.0.3
cpe:2.3:a:adobe:reader:7.0.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 5.0.6
cpe:2.3:a:adobe:acrobat:5.0.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 7.0.2
cpe:2.3:a:adobe:reader:7.0.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 8.1.6
cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 3.1
cpe:2.3:a:adobe:acrobat:3.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 9.1
cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 5.0.10
cpe:2.3:a:adobe:reader:5.0.10:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 8.1.1
cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 7.0.5
cpe:2.3:a:adobe:reader:7.0.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 7.0.2
cpe:2.3:a:adobe:acrobat:7.0.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 3.0
cpe:2.3:a:adobe:reader:3.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 4.0.5c
cpe:2.3:a:adobe:reader:4.0.5c:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 7.0.7
cpe:2.3:a:adobe:reader:7.0.7:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 8.1.4
cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 5.0.9
cpe:2.3:a:adobe:reader:5.0.9:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 8.1.3
cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 6.0.2
cpe:2.3:a:adobe:acrobat:6.0.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 5.0.7
cpe:2.3:a:adobe:reader:5.0.7:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 7.0.1
cpe:2.3:a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 9.1
cpe:2.3:a:adobe:reader:9.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Reader by Adobe

Product Information
Vendor Adobe
Product Reader
Version 5.1
cpe:2.3:a:adobe:reader:5.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 5.0.10
cpe:2.3:a:adobe:acrobat:5.0.10:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Acrobat by Adobe

Product Information
Vendor Adobe
Product Acrobat
Version 7.0
cpe:2.3:a:adobe:acrobat:7.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrob…
http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html
http://isc.sans.org/diary.html?storyid=7300
http://isc.sans.org/diary.html?storyid=7300
http://secunia.com/advisories/36983
http://secunia.com/advisories/36983
http://securitytracker.com/id?1023007
http://securitytracker.com/id?1023007
https://exchange.xforce.ibmcloud.com/vulnerabilities/53691
https://exchange.xforce.ibmcloud.com/vulnerabilities/53691
https://oval.cisecurity.org/repository/search/definition/ov…
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%…
http://www.adobe.com/support/security/bulletins/apsb09-15.h…
http://www.adobe.com/support/security/bulletins/apsb09-15.html
http://www.iss.net/threats/348.html
http://www.iss.net/threats/348.html
http://www.securityfocus.com/bid/36600
http://www.securityfocus.com/bid/36600
http://www.us-cert.gov/cas/techalerts/TA09-286B.html
http://www.us-cert.gov/cas/techalerts/TA09-286B.html
http://www.vupen.com/english/advisories/2009/2851
http://www.vupen.com/english/advisories/2009/2851
http://www.vupen.com/english/advisories/2009/2898
http://www.vupen.com/english/advisories/2009/2898
http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrob…
http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html
http://isc.sans.org/diary.html?storyid=7300
http://isc.sans.org/diary.html?storyid=7300
http://secunia.com/advisories/36983
http://secunia.com/advisories/36983
http://securitytracker.com/id?1023007
http://securitytracker.com/id?1023007
https://exchange.xforce.ibmcloud.com/vulnerabilities/53691
https://exchange.xforce.ibmcloud.com/vulnerabilities/53691
https://oval.cisecurity.org/repository/search/definition/ov…
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%…
http://www.adobe.com/support/security/bulletins/apsb09-15.h…
http://www.adobe.com/support/security/bulletins/apsb09-15.html
http://www.iss.net/threats/348.html
http://www.iss.net/threats/348.html
http://www.securityfocus.com/bid/36600
http://www.securityfocus.com/bid/36600
http://www.us-cert.gov/cas/techalerts/TA09-286B.html
http://www.us-cert.gov/cas/techalerts/TA09-286B.html
http://www.vupen.com/english/advisories/2009/2851
http://www.vupen.com/english/advisories/2009/2851
http://www.vupen.com/english/advisories/2009/2898
http://www.vupen.com/english/advisories/2009/2898