Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-3958Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Acrobat

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources
Severity
10.0CRITICALNVD
EPSS
65.3%
top 1.51%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Adobe AcrobatAdobe Acrobat Reader
Timeline
PublishedJan 13
Latest updateMay 2

Description

Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow remote attackers to execute arbitrary code via unspecified initialization parameters.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

NVDadobe/acrobat9.2+46

Patches

Patch: www.adobe.comPatch: www.adobe.com

🔴Vulnerability Details

1
GHSA
GHSA-9h4m-rpg2-qjcw: Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 12022-05-02

💥Exploits & PoCs

1
Exploit-DB
Adobe GetPlus get_atlcom 1.6.2.48 - ActiveX Remote Execution2010-01-17

🔍Detection Rules

1
Suricata
ET ACTIVEX Possible NOS Microsystems Adobe Reader/Acrobat getPlus Get_atlcomHelper ActiveX Control Multiple Stack Overflows Remote Code Execution Attempt2010-07-30

📋Vendor Advisories

1
Red Hat
acroread: multiple code execution flaws (APSB10-02)2010-01-12

💬Community

1
Bugzilla
CVE-2009-3953 CVE-2009-3954 CVE-2009-3955 CVE-2009-3959 acroread: multiple code execution flaws (APSB10-02)2010-01-11
CVE-2009-3958 — Adobe Acrobat vulnerability | cvebase