Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-2983Out-of-bounds Write in Adobe Acrobat

CWE-3995 documents5 sources
Severity
9.3CRITICALNVD
EPSS
43.9%
top 2.45%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Adobe AcrobatAdobe Acrobat Reader
Timeline
PublishedOct 19
Latest updateMay 2

Description

Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDadobe/acrobat_reader9.1.3+25
NVDadobe/acrobat9.1.3+23

Patches

Patch: www.adobe.comPatch: www.us-cert.govPatch: www.vupen.com

🔴Vulnerability Details

1
GHSA
GHSA-w89j-crf7-qmgx: Adobe Reader and Acrobat 92022-05-02

💥Exploits & PoCs

1
Exploit-DB
Adobe Reader 9.1.3 / Acrobat - COM Objects Memory Corruption Remote Code Execution2009-10-13

📋Vendor Advisories

1
Red Hat
acroread: Multiple arbitrary code execution fixes in 8.1.7 (APSB09-15)2009-10-13

💬Community

1
Bugzilla
acroread: Multiple arbitrary code execution fixes in 8.1.7 (APSB09-15)2009-10-13
CVE-2009-2983 — Out-of-bounds Write in Adobe Acrobat | cvebase