🟢 CVE-2009-3459

CVE-2009-3459 is a heap-based buffer overflow in Adobe Reader/Acrobat that allows remote code execution via crafted PDF files. This is a client-side vulnerability requiring user interaction to open a malicious PDF, not a server-side vulnerability that can be directly exploited over the internet.

← Back to Overview
LOW_RISK
Risk Level
8.8
CVSS Score
NETWORK
Attack Vector
Execution
ATT&CK Tactic
T1203 — Exploitation for Client Execution
ATT&CK Technique
VERY_LOW
Deployment Risk
No
Ransomware

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: USER_INTERACTION

CVE Published: 2009-10-13

Added to CISA KEV: 2026-05-20 6063 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2009-3459 is a critical heap-based buffer overflow vulnerability that affected Adobe Reader and Acrobat, which was notably exploited in the wild in October 2009 [2] [1].

Exploitation and Impact
  • Attack Method: The vulnerability is triggered by a specially crafted PDF file that causes memory corruption [2].
  • Exploitation Requirements: It is a remote attack vector. Successful exploitation requires the user to open the malicious PDF file, but no further user interaction is typically required beyond that initial action [1].
  • Impact: Successful exploitation allows a remote attacker to execute arbitrary code with the privileges of the user who opened the PDF [1].
Active Exploitation and Usage
  • In the Wild: The vulnerability was actively exploited in the wild in October 2009 [2].
  • Nature of Attacks: It was used in targeted attacks, where malicious PDF files were distributed via email and web downloads [1].
  • Ransomware: There is no prominent historical record of this specific CVE being a primary vector for modern ransomware campaigns, as it predates the widespread prevalence of the current ransomware-as-a-service (RaaS) models.
Affected Versions and Mitigation
The vulnerability affected the following Adobe products:
  • Adobe Reader and Acrobat 7.x: Versions prior to 7.1.4
  • Adobe Reader and Acrobat 8.x: Versions prior to 8.1.7
  • Adobe Reader and Acrobat 9.x: Versions prior to 9.2
Adobe confirmed the exploitation and released an out-of-band security bulletin to address the issue in 2009 [1]. Users were advised to update to the patched versions immediately to mitigate the risk.

Sources

  1. Adobe Reader/Acrobat, Heap-based Buffer Overflow, CVE-2009-3459 ...

    In October 2009, this vulnerability was actively exploited in targeted attacks, with malicious PDFs distributed via email and web downloads. The flaw affects all versions prior to 7.1.4, 8.1.7, and 9.2. Adobe confirmed the in-the-wild exploitation and released an out-of-band bulletin. ... Exploitati…

  2. CVE-2009-3459 Detail - NVD

    Allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. ... An official website of the United States government Here's how you know ... CVE-2009-3459 Detail. Description. Heap-based buffer overflow in Adobe R…

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

📄 Download JSON Data | 📡 RSS Feed