CVE-2009-3459 — Adobe Acrobat and Reader: Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability

/HIGH
Written by SCW Vulnerability Desk Vulnerability Intelligence
CISA KEV vulnerabilitycvecisa-kevactively-exploited
CVE-2009-3459 — Adobe Acrobat and Reader: Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability

Image via

CVE-2009-3459 — Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability which could allow remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption.

https://www.cisa.gov/news-events/alerts/2009/10/13/adobe-reader-and-acrobat-vulnerabilities

What This Means For You

  • CISA has confirmed active exploitation — immediate patching required.
  • Added to CISA KEV catalog — federal agencies must remediate by 2026-06-03.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1204.002 Malicious File Initial Access

Indicators of Compromise

IDTypeIndicator
CVE-2009-3459 RCE Adobe Acrobat (all versions prior to 9.2)
CVE-2009-3459 RCE Adobe Reader (all versions prior to 9.2)
CVE-2009-3459 Buffer Overflow Heap-based buffer overflow via crafted PDF file
CVE-2009-3459 Memory Corruption Triggered by crafted PDF file

Written by SCW Vulnerability Desk

🔎
Turn this CVE into SIEM detection coverage Generate detection rules for Splunk, Sentinel, QRadar & Elastic — straight from this vulnerability. Use /detect in the Intel Bot.
Open Intel Bot →
Source & Attribution
Source PlatformCISA
ChannelCISA KEV
Channel IDcisa-kev
Message ID20093459
PublishedMay 20, 2026 at 15:00 UTC
Original Linkhttps://www.cisa.gov/news-events/alerts/2009/10/13/adobe-...

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.

Believe this infringes your rights? Submit a takedown request.

Related coverage

CVE-2026-9141: Taiko AG1000-01A SMS Gateway Critical Auth Bypass

CVE-2026-9141 — Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows...

vulnerabilityCVEcriticalhigh-severityauthentication-bypasscwe-306
/SCW Vulnerability Desk /CRITICAL /9.8 /⚑ 3 IOCs /⚙ 7 Sigma

Taiko AG1000-01A SMS Gateway Critical Hard-Coded Credential Vulnerability

CVE-2026-9139 — Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication...

vulnerabilityCVEcriticalhigh-severitycwe-798
/SCW Vulnerability Desk /CRITICAL /9.8 /⚑ 1 IOC /⚙ 3 Sigma

Google Chrome Use-After-Free (CVE-2026-9126) Allows RCE

CVE-2026-9126 — Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox...

vulnerabilityCVEhigh-severityuse-after-freecwe-416
/SCW Vulnerability Desk /HIGH /8.8 /⚑ 3 IOCs /⚙ 3 Sigma