CVE-2009-3459

Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.

CVSS v3 8.8 HIGH
CVSS v2.0 9.3 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html	Broken Link Vendor Advisory
http://isc.sans.org/diary.html?storyid=7300	Not Applicable
http://secunia.com/advisories/36983	Vendor Advisory
http://securitytracker.com/id?1023007	Broken Link
http://www.adobe.com/support/security/bulletins/apsb09-15.html	Patch Vendor Advisory
http://www.iss.net/threats/348.html	Broken Link
http://www.securityfocus.com/bid/36600	Broken Link
http://www.us-cert.gov/cas/techalerts/TA09-286B.html	US Government Resource
http://www.vupen.com/english/advisories/2009/2851	Vendor Advisory
http://www.vupen.com/english/advisories/2009/2898	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/53691	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6534	Broken Link
http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html	Broken Link Vendor Advisory
http://isc.sans.org/diary.html?storyid=7300	Not Applicable
http://secunia.com/advisories/36983	Vendor Advisory
http://securitytracker.com/id?1023007	Broken Link
http://www.adobe.com/support/security/bulletins/apsb09-15.html	Patch Vendor Advisory
http://www.iss.net/threats/348.html	Broken Link
http://www.securityfocus.com/bid/36600	Broken Link
http://www.us-cert.gov/cas/techalerts/TA09-286B.html	US Government Resource
http://www.vupen.com/english/advisories/2009/2851	Vendor Advisory
http://www.vupen.com/english/advisories/2009/2898	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/53691	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6534	Broken Link
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-3459	US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:adobe:acrobat::::::::
	cpe:2.3:a:adobe:acrobat::::::::
	cpe:2.3:a:adobe:acrobat::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:adobe:acrobat_reader::::::::
	cpe:2.3:a:adobe:acrobat_reader::::::::
	cpe:2.3:a:adobe:acrobat_reader::::::::

History

16 Jun 2026, 23:11

Type	Values Removed	Values Added
References	~~() http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html - Vendor Advisory, Broken Link~~	() http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html - Broken Link, Vendor Advisory

21 May 2026, 12:56

Type	Values Removed	Values Added
References	~~() http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html - Vendor Advisory~~	() http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html - Vendor Advisory, Broken Link
References	~~() http://isc.sans.org/diary.html?storyid=7300 -~~	() http://isc.sans.org/diary.html?storyid=7300 - Not Applicable
References	~~() http://securitytracker.com/id?1023007 -~~	() http://securitytracker.com/id?1023007 - Broken Link
References	~~() http://www.iss.net/threats/348.html -~~	() http://www.iss.net/threats/348.html - Broken Link
References	~~() http://www.securityfocus.com/bid/36600 -~~	() http://www.securityfocus.com/bid/36600 - Broken Link
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/53691 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/53691 - Third Party Advisory, VDB Entry
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6534 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6534 - Broken Link
References	~~() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-3459 -~~	() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-3459 - US Government Resource
CPE	cpe:2.3:a:adobe:reader:8.1.1:::::::* cpe:2.3:a:adobe:reader:8.1.6:::::::* cpe:2.3:a:adobe:acrobat:9:::::::* cpe:2.3:a:adobe:reader:5.0.6:::::::* cpe:2.3:a:adobe:acrobat:7.0:::::::* cpe:2.3:a:adobe:reader:4.0.5:::::::* cpe:2.3:a:adobe:acrobat:8.1.4:::::::* cpe:2.3:a:adobe:reader:6.0.2:::::::* cpe:2.3:a:adobe:reader:7.1.1:::::::* cpe:2.3:a:adobe:acrobat:4.0.5c:::::::* cpe:2.3:a:adobe:acrobat:7.0.7:::::::* cpe:2.3:a:adobe:acrobat:8.1.1:::::::* cpe:2.3:a:adobe:acrobat:5.0:::::::* cpe:2.3:a:adobe:reader:7.1.0:::::::* cpe:2.3:a:adobe:reader:9.0:::::::* cpe:2.3:a:adobe:reader:5.0:::::::* cpe:2.3:a:adobe:acrobat:6.0:::::::* cpe:2.3:a:adobe:acrobat:6.0.3:::::::* cpe:2.3:a:adobe:reader:7.0.7:::::::* cpe:2.3:a:adobe:reader:6.0.4:::::::* cpe:2.3:a:adobe:reader:8.1.2:::::::* cpe:2.3:a:adobe:reader:4.0:::::::* cpe:2.3:a:adobe:acrobat:7.0.2:::::::* cpe:2.3:a:adobe:reader:3.0:::::::* cpe:2.3:a:adobe:acrobat:6.0.4:::::::* cpe:2.3:a:adobe:acrobat:3.1:::::::* cpe:2.3:a:adobe:reader:5.1:::::::* cpe:2.3:a:adobe:acrobat:8.1.2:::::::* cpe:2.3:a:adobe:reader:4.0.5c:::::::* cpe:2.3:a:adobe:reader:7.0.3:::::::* cpe:2.3:a:adobe:reader:6.0.1:::::::* cpe:2.3:a:adobe:acrobat:6.0.1:::::::* cpe:2.3:a:adobe:acrobat:7.0.6:::::::* cpe:2.3:a:adobe:acrobat:7.0.4:::::::* cpe:2.3:a:adobe:reader:5.0.9:::::::* cpe:2.3:a:adobe:acrobat:7.1.3:::::::* cpe:2.3:a:adobe:acrobat:5.0.10:::::::* cpe:2.3:a:adobe:acrobat:5.0.6:::::::* cpe:2.3:a:adobe:reader:9.1.2:::::::* cpe:2.3:a:adobe:reader:6.0.3:::::::* cpe:2.3:a:adobe:reader:7.0.1:::::::* cpe:2.3:a:adobe:acrobat:4.0.5:::::::* cpe:2.3:a:adobe:acrobat:5.0.5:::::::* cpe:2.3:a:adobe:acrobat:8.1.6:::::::* cpe:2.3:a:adobe:acrobat:9.1.2:::::::* cpe:2.3:a:adobe:acrobat:8.1.3:::::::* cpe:2.3:a:adobe:acrobat:4.0.5a:::::::* cpe:2.3:a:adobe:reader:7.0.2:::::::* cpe:2.3:a:adobe:reader:4.0.5a:::::::* cpe:2.3:a:adobe:reader:5.0.5:::::::* cpe:2.3:a:adobe:acrobat:9.1:::::::* cpe:2.3:a:adobe:acrobat:7.0.1:::::::* cpe:2.3:a:adobe:reader:6.0:::::::* cpe:2.3:a:adobe:reader:5.0.7:::::::* cpe:2.3:a:adobe:reader:4.5:::::::* cpe:2.3:a:adobe:reader:8.1.4:::::::* cpe:2.3:a:adobe:acrobat:9.0.0:::::::* cpe:2.3:a:adobe:acrobat:3.0:::::::* cpe:2.3:a:adobe:acrobat:8.1:::::::* cpe:2.3:a:adobe:acrobat:7.0.3:::::::* cpe:2.3:a:adobe:reader:9.1:::::::* cpe:2.3:a:adobe:acrobat:7.0.8:::::::* cpe:2.3:a:adobe:acrobat:6.0.5:::::::* cpe:2.3:a:adobe:acrobat:8.0:::::::* cpe:2.3:a:adobe:reader:7.1.3:::::::* cpe:2.3:a:adobe:acrobat:7.0.9:::::::* cpe:2.3:a:adobe:acrobat:7.0.5:::::::* cpe:2.3:a:adobe:acrobat:4.0:::::::* cpe:2.3:a:adobe:reader:5.0.10:::::::* cpe:2.3:a:adobe:reader:5.0.11:::::::* cpe:2.3:a:adobe:reader:7.0.9:::::::* cpe:2.3:a:adobe:reader:7.0.5:::::::* cpe:2.3:a:adobe:reader:6.0.5:::::::* cpe:2.3:a:adobe:acrobat:9.1.1:::::::* cpe:2.3:a:adobe:reader:7.0.8:::::::* cpe:2.3:a:adobe:acrobat:6.0.2:::::::*

20 May 2026, 18:16

Type	Values Removed	Values Added
CWE		CWE-122
CVSS	v2 : ~~9.3~~ v3 : ~~unknown~~	v2 : 9.3 v3 : 8.8
References		() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-3459 -

21 Nov 2024, 01:07

Type	Values Removed	Values Added
References	~~() http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html - Vendor Advisory~~	() http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html - Vendor Advisory
References	~~() http://isc.sans.org/diary.html?storyid=7300 -~~	() http://isc.sans.org/diary.html?storyid=7300 -
References	~~() http://secunia.com/advisories/36983 - Vendor Advisory~~	() http://secunia.com/advisories/36983 - Vendor Advisory
References	~~() http://securitytracker.com/id?1023007 -~~	() http://securitytracker.com/id?1023007 -
References	~~() http://www.adobe.com/support/security/bulletins/apsb09-15.html - Patch, Vendor Advisory~~	() http://www.adobe.com/support/security/bulletins/apsb09-15.html - Patch, Vendor Advisory
References	~~() http://www.iss.net/threats/348.html -~~	() http://www.iss.net/threats/348.html -
References	~~() http://www.securityfocus.com/bid/36600 -~~	() http://www.securityfocus.com/bid/36600 -
References	~~() http://www.us-cert.gov/cas/techalerts/TA09-286B.html - US Government Resource~~	() http://www.us-cert.gov/cas/techalerts/TA09-286B.html - US Government Resource
References	~~() http://www.vupen.com/english/advisories/2009/2851 - Vendor Advisory~~	() http://www.vupen.com/english/advisories/2009/2851 - Vendor Advisory
References	~~() http://www.vupen.com/english/advisories/2009/2898 - Vendor Advisory~~	() http://www.vupen.com/english/advisories/2009/2898 - Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/53691 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/53691 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6534 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6534 -

Information

Published : 2009-10-13 10:30

Updated : 2026-06-16 23:11

NVD link : CVE-2009-3459

Mitre link : CVE-2009-3459

CVE.ORG link : CVE-2009-3459

JSON object : View

Products Affected

adobe

acrobat
acrobat_reader

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-122

Heap-based Buffer Overflow

8.8 /10