Critical (9.3) Actively Exploited

Adobe Reader/Acrobat RCE exploited (CVE-2009-3459)

CVE-2009-3459: Heap-based buffer overflow in Adobe Reader 7.x/8.x/9.x leads to remote code execution via crafted PDF. Actively exploited. Update to 9.2 or later.

Affected: Adobe Acrobat, Adobe Acrobat Reader, Adobe Reader

Actively exploited in the wild - CVE-2009-3459 is a critical heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 that allows remote attackers to execute arbitrary code via a crafted PDF file. Patches were released in October 2009; apply immediately if not already deployed.

Overview

CVE-2009-3459 is a critical heap-based buffer overflow vulnerability in Adobe Reader and Acrobat. The flaw triggers memory corruption when a specially crafted PDF file is opened, enabling an attacker to execute arbitrary code on the victim’s system. The vulnerability is remotely exploitable over the network with no authentication required, though user interaction is needed to open the malicious PDF.

This vulnerability was actively exploited in the wild in October 2009. Its EPSS probability of exploitation remains high (87.0%), so any unpatched installation remains at severe risk.

Impact

A successful exploit grants the attacker the ability to execute code with the privileges of the victim’s user account. Given the widespread deployment of PDF readers in enterprise environments, an attacker could use this vulnerability to deliver malware or gain an initial foothold on a network.

Severity: CRITICAL (CVSS 9.3)

Affected Products

  • Adobe Reader and Acrobat 7.x before 7.1.4
  • Adobe Reader and Acrobat 8.x before 8.1.7
  • Adobe Reader and Acrobat 9.x before 9.2

Remediation

Patch immediately by upgrading to the following fixed versions:

  • Adobe Reader and Acrobat 9.2 or later
  • Adobe Reader and Acrobat 8.1.7 or later
  • Adobe Reader and Acrobat 7.1.4 or later

If upgrading is not immediately possible, disable PDF handling in the browser or use content security gateways to inspect PDF files for suspicious structures. For further details, see the Adobe Security Advisory.
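To triage a software inventory against the affected ranges and fixed versions listed above, a check like the following can be used. It is an added example, not code from Adobe or from this advisory's publisher; the inventory rows, host names and result labels are constructed for illustration.

```python
import re

# Fixed release per affected branch, as listed in the advisory above.
FIXED = {7: (7, 1, 4), 8: (8, 1, 7), 9: (9, 2, 0)}

def parse_version(text):
    """Return the version as a tuple of ints (at least 3 long), or None."""
    text = text.strip()
    if not re.fullmatch(r"[0-9]+(\.[0-9]+)*", text):
        return None
    nums = [int(p) for p in text.split(".")]
    nums += [0] * (3 - len(nums))      # pad so "9.2" compares as (9, 2, 0)
    return tuple(nums)

def classify(version_text):
    """Classify one installed Reader/Acrobat version string."""
    ver = parse_version(version_text)
    if ver is None:
        return "unparseable"           # review by hand; do not assume safe
    fixed = FIXED.get(ver[0])
    if fixed is None:
        return "not_listed"            # branch not named in the advisory
    return "vulnerable" if ver < fixed else "fixed"

def vulnerable_hosts(inventory):
    """Return the (host, product, version) rows that need the update."""
    return [row for row in inventory if classify(row[2]) == "vulnerable"]

# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE_INVENTORY = [
    ("ws-001", "Adobe Reader", "9.1.3"),
    ("ws-002", "Adobe Reader", "9.2"),
    ("ws-003", "Adobe Acrobat", "8.1.6"),
    ("ws-004", "Adobe Acrobat", "8.1.7"),
    ("kiosk-7", "Adobe Reader", "7.0.9"),
    ("lab-12", "Adobe Reader", "7.1.4.0"),
    ("ws-005", "Adobe Reader", "9.x"),
]

if __name__ == "__main__":
    for host, product, version in SAMPLE_INVENTORY:
        print(f"{host:8} {product:14} {version:8} {classify(version)}")
```

Rows reported as "unparseable" or "not_listed" fall outside what the advisory's ranges can decide and should be reviewed manually rather than treated as patched.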

Security Insight

CVE-2009-3459 underscores the persistent risk posed by legacy file-format parsing vulnerabilities. Even though the patch is over a decade old, the high EPSS score indicates attackers continue to target unpatched systems, often in environments with outdated document collaboration tools. Many organizations still run legacy Adobe Reader versions on isolated endpoints; these represent a silent but critical risk. For CISOs, this case reinforces that multi-year patch cycles can leave a window open for adversaries using known exploit chains.

Metasploit Modules

Weaponized exploit code — authorized use only

The Metasploit Framework modules below are production-ready exploit code maintained by Rapid7. Unlike random GitHub PoCs, these are vetted by Metasploit maintainers and integrated into a point-and-click exploitation framework used by red teams worldwide. The presence of an MSF module means this CVE is trivially exploitable at scale — patch immediately.

Authorized use only. Run only against systems you own or have explicit written permission to test. Using exploit code against systems you do not own is illegal in most jurisdictions and violates Yazoul's terms of use.

Modules:

  • exploit/windows/browser/adobe_flatedecode_predictor02
  • exploit/windows/fileformat/adobe_flatedecode_predictor02

2 Metasploit modules indexed for this CVE. Source: rapid7/metasploit-framework.

Exploit-DB Entries

Curated public exploit code — authorized use only

The entries below are human-reviewed exploit code hosted on Exploit-DB by Offensive Security. Lower volume than random GitHub PoCs but higher signal: every entry is curated, many are tagged "verified" by the maintainers. Treat as production-ready exploit code.

EDB-ID | Title | Status
EDB-16546 | Adobe - FlateDecode Stream Predictor 02 Integer Overflow (Metasploit) (1) | verified
EDB-16652 | Adobe - FlateDecode Stream Predictor 02 Integer Overflow (Metasploit) (2) | verified

2 Exploit-DB entries indexed for this CVE. Source: Exploit-DB.
