Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-2990 — Adobe Acrobat vulnerability

CWE-18911 documents9 sources

Severity

9.3CRITICALNVD

EPSS

89.1%

top 0.46%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Adobe Acrobat Adobe Acrobat Reader

Timeline

PublishedOct 19

Latest updateMay 2

Description

Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDadobe/acrobat_reader9.1.3+25

▶NVDadobe/acrobat9.1.3+23

Patches

Patch: www.adobe.com ↗Patch: www.us-cert.gov ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-rqh9-p568-89pc: Array index error in Adobe Reader and Acrobat 9↗2022-05-02

▶

VulnCheck

Adobe Reader and Acrobat Arbitrary Code Execution↗2009

▶

💥Exploits & PoCs

Exploit-DB

Adobe - U3D CLODProgressiveMeshDeclaration Array Overrun (Metasploit) (1)↗2010-09-20

▶

Exploit-DB

Adobe Reader / Acrobat - '.U3D' File Invalid Array Index Overflow↗2009-11-09

▶

Metasploit

Adobe U3D CLODProgressiveMeshDeclaration Array Overrun↗

▶

🔍Detection Rules

Suricata

ET WEB_CLIENT Adobe Reader and Acrobat U3D File Invalid Array Index Remote Code Execution Attempt↗2011-01-15

▶

📋Vendor Advisories

Red Hat

acroread: Multiple arbitrary code execution fixes in 8.1.7 (APSB09-15)↗2009-10-13

▶

🕵️Threat Intelligence

Talos

The Acrobat JavaScript Blocklist Framework↗2010-01-20

▶

Talos

The Acrobat JavaScript Blocklist Framework↗2010-01-20

▶

💬Community

Bugzilla

acroread: Multiple arbitrary code execution fixes in 8.1.7 (APSB09-15)↗2009-10-13

▶