COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2009-3459

CVE-2009-3459

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-05-20
Reference
https://nvd.nist.gov/vuln/detail/CVE-2009-3459
⚡ RCE ⌖ exploited in the wild shame 65/100 rceexploited-in-wildunpatched

Adobe Acrobat and Reader exploited a heap-based buffer overflow vulnerability allowing remote code execution via crafted PDF files.

This vulnerability enabled remote attackers to execute arbitrary code through crafted PDF files, posing a significant risk to DIB organizations using Adobe products on unpatched systems. The vulnerability was actively exploited in the wild, requiring immediate patching to prevent potential compromise of sensitive systems.

Shame score — The vulnerability was actively exploited in the wild and required prompt remediation, indicating a failure to maintain security posture on widely used products.

Players implicated

Adobe · vendorAcrobat and Reader · product

Description

Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability which could allow remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption.

Affected FedRAMP products 8 in the catalog

ProductProviderStatusMatch
Adobe Acrobat Sign for Government Adobe Authorized vendor-exact · 0.90
Adobe Analytics Adobe Authorized vendor-exact · 0.90
Adobe Campaign Adobe Authorized vendor-exact · 0.90
Adobe Connect Managed Services (ACMS-GC) Adobe Authorized vendor-exact · 0.90
Adobe Creative Cloud for Enterprise Adobe Authorized vendor-exact · 0.90
Adobe Document Cloud (PDF Services & Adobe Sign) Adobe Authorized vendor-exact · 0.90
Adobe Experience Manager Managed Services (AEMMS-GC) Adobe Authorized vendor-exact · 0.90
Adobe Learning Manager Adobe Authorized vendor-exact · 0.90