Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-2994: Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Acrobat

Severity: 9.3 CRITICAL (NVD)
NVD: 8.8
EPSS: 54.1% (top 1.98%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Oct 19; Latest update May 2

Description

Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (4 packages)

NVD: adobe/acrobat_reader 9.1.3 +25
NVD: adobe/acrobat 7.0 7.1.4 +26
NVD: opensuse/opensuse 11.1, 11.2 +1

Also affects: Linux Enterprise 10.0

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-q4f6-24ph-r6rm: The U3D implementation in Adobe Reader and Acrobat 9 (2022-05-02)
GHSA
GHSA-2gq8-v73v-2x6j: Buffer overflow in Adobe Reader and Acrobat 7 (2022-05-02)

💥 Exploits & PoCs (1)

Exploit-DB
Adobe Acrobat Reader 7 < 9 - U3D Buffer Overflow (2009-10-27)

📋 Vendor Advisories (2)

Red Hat
acroread: multiple code execution flaws (APSB10-02) (2010-01-12)
Red Hat
acroread: Multiple arbitrary code execution fixes in 8.1.7 (APSB09-15) (2009-10-13)

💬 Community (1)

Bugzilla
acroread: Multiple arbitrary code execution fixes in 8.1.7 (APSB09-15) (2009-10-13)