CVE-2009-3459: Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability
Summary
A heap-based buffer overflow vulnerability exists in Adobe Acrobat and Reader that could permit remote code execution. Attackers can exploit it by supplying a crafted PDF file that triggers memory corruption when the file is opened. Defenders are advised to apply vendor-provided mitigations, or to discontinue use of the product if no mitigations are available.
IFF Assessment
This vulnerability allows remote attackers to execute arbitrary code, posing a significant risk to users and organizations.
Severity
The vulnerability allows remote code execution via a crafted PDF; the attack vector is likely network-reachable, and the impact on confidentiality, integrity, and availability is significant.
CISA KEV: Listed as actively exploited. Federal patch due: June 03, 2026. Known ransomware use: Unknown.
Defender Context
This older vulnerability highlights the ongoing risk posed by memory corruption flaws in widely used software such as Adobe Reader. Defenders should prioritize patching and applying mitigations for known vulnerabilities, especially those that could lead to remote code execution, and should be aware that legacy software remains exposed to exploitation long after a flaw is disclosed.