CVE-2009-3459

KEV

🔴 Łataj teraz

Przepełnienie bufora w Adobe Reader umożliwia zdalne wykonanie kodu przez złośliwy plik PDF.

CVSS

8.8

EPSS

91.0%

Exploit

weaponized

Vendor

adobe

Opis źródłowy (NVD)

Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.

buffer-overflow Brak patcha

Źródła i daty

Źródło	Wartość
NVD – CVSS	8.8
CISA KEV (aktywnie wykorzystywane)	Tak
FIRST EPSS (prawdopodobieństwo exploita)	91.0%
Opublikowano (NVD)	2009-10-13 10:30:00 UTC
Ostatnia modyfikacja (NVD)	2026-05-21 12:56:49 UTC

Referencje

http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html (psirt@adobe.com) [Vendor Advisory, Broken Link]
http://isc.sans.org/diary.html?storyid=7300 (psirt@adobe.com) [Not Applicable]
http://secunia.com/advisories/36983 (psirt@adobe.com) [Vendor Advisory]
http://securitytracker.com/id?1023007 (psirt@adobe.com) [Broken Link]
http://www.adobe.com/support/security/bulletins/apsb09-15.html (psirt@adobe.com) [Patch, Vendor Advisory]
http://www.iss.net/threats/348.html (psirt@adobe.com) [Broken Link]
http://www.securityfocus.com/bid/36600 (psirt@adobe.com) [Broken Link]
http://www.us-cert.gov/cas/techalerts/TA09-286B.html (psirt@adobe.com) [US Government Resource]
http://www.vupen.com/english/advisories/2009/2851 (psirt@adobe.com) [Vendor Advisory]
http://www.vupen.com/english/advisories/2009/2898 (psirt@adobe.com) [Vendor Advisory]
https://exchange.xforce.ibmcloud.com/vulnerabilities/53691 (psirt@adobe.com) [Third Party Advisory, VDB Entry]
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6534 (psirt@adobe.com) [Broken Link]
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-3459 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]