{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/cpes/cpe2.3aadobeacrobat4.0.5/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*","cpe:2.3:a:adobe:acrobat:3.0:*:*:*:*:*:*:*","cpe:2.3:a:adobe:acrobat:3.1:*:*:*:*:*:*:*","cpe:2.3:a:adobe:acrobat:4.0:*:*:*:*:*:*:*","cpe:2.3:a:adobe:acrobat:4.0.5:*:*:*:*:*:*:*","cpe:2.3:a:adobe:acrobat:4.0.5a:*:*:*:*:*:*:*","cpe:2.3:a:adobe:acrobat:4.0.5c:*:*:*:*:*:*:*","cpe:2.3:a:adobe:acrobat:5.0:*:*:*:*:*:*:*","cpe:2.3:a:adobe:acrobat:5.0.5:*:*:*:*:*:*:*","cpe:2.3:a:adobe:acrobat:5.0.6:*:*:*:*:*:*:*","cpe:2.3:a:adobe:acrobat:5.0.10:*:*:*:*:*:*:*","cpe:2.3:a:adobe:acrobat:6.0:*:*:*:*:*:*:*","cpe:2.3:a:adobe:acrobat:6.0.1:*:*:*:*:*:*:*","cpe:2.3:a:adobe:acrobat:6.0.2:*:*:*:*:*:*:*","cpe:2.3:a:adobe:acrobat:6.0.3:*:*:*:*:*:*:*","cpe:2.3:a:adobe:acrobat:6.0.4:*:*:*:*:*:*:*","cpe:2.3:a:adobe:acrobat:6.0.5:*:*:*:*:*:*:*","cpe:2.3:a:adobe:acrobat:7.0:*:*:*:*:*:*:*","cpe:2.3:a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:adobe:acrobat:7.0.2:*:*:*:*:*:*:*"],"_cs_cves":[{"id":"CVE-2009-3459"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Acrobat","Reader"],"_cs_severities":["critical"],"_cs_tags":["cve-2009-3459","adobe","heap overflow","remote code execution"],"_cs_type":"advisory","_cs_vendors":["Adobe"],"content_html":"\u003cp\u003eCVE-2009-3459 is a heap-based buffer overflow vulnerability affecting Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on a vulnerable system. The vulnerability stems from improper handling of crafted PDF files, leading to memory corruption during processing. Adobe has released security updates to address this issue. CISA has included this vulnerability in its Known Exploited Vulnerabilities catalog, emphasizing the need for organizations to apply mitigations, follow BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable by the due date of 2026-06-03. This vulnerability was initially disclosed in 2009.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a malicious PDF file specifically designed to trigger the heap-based buffer overflow vulnerability in Adobe Acrobat or Reader.\u003c/li\u003e\n\u003cli\u003eThe attacker distributes the crafted PDF file to potential victims via email, malicious websites, or other social engineering techniques.\u003c/li\u003e\n\u003cli\u003eThe victim opens the malicious PDF file using a vulnerable version of Adobe Acrobat or Reader.\u003c/li\u003e\n\u003cli\u003eUpon opening the PDF, the application attempts to process the malicious content, leading to a buffer overflow in the heap.\u003c/li\u003e\n\u003cli\u003eThe buffer overflow corrupts adjacent memory regions, potentially overwriting critical data or function pointers.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the memory corruption to inject and execute arbitrary code within the context of the Adobe Acrobat or Reader process.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s code gains control of the system, enabling them to perform malicious actions such as installing malware, stealing sensitive data, or establishing a remote backdoor.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2009-3459 allows remote attackers to execute arbitrary code on affected systems. While the specific number of victims is unknown, the wide usage of Adobe Acrobat and Reader suggests a broad potential impact. This can lead to complete system compromise, data theft, and further propagation of malware within an organization. Failure to apply mitigations by the due date of 2026-06-03 leaves systems vulnerable to exploitation.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply mitigations per vendor instructions for Adobe Acrobat and Reader to address CVE-2009-3459.\u003c/li\u003e\n\u003cli\u003eFollow applicable BOD 22-01 guidance for cloud services if using Adobe Acrobat or Reader in a cloud environment.\u003c/li\u003e\n\u003cli\u003eDiscontinue use of vulnerable versions of Adobe Acrobat and Reader if mitigations are unavailable.\u003c/li\u003e\n\u003cli\u003eDeploy the following Sigma rules to detect potential exploitation attempts involving malicious PDF files.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-20T17:31:49Z","date_published":"2026-05-20T17:31:49Z","id":"https://feed.craftedsignal.io/briefs/2026-05-adobe-heap-overflow/","summary":"Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability, tracked as CVE-2009-3459, that could allow remote attackers to execute arbitrary code via a crafted PDF file.","title":"Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability (CVE-2009-3459)","url":"https://feed.craftedsignal.io/briefs/2026-05-adobe-heap-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed — Cpe:2.3:a:adobe:acrobat:4.0.5:*:*:*:*:*:*:*","version":"https://jsonfeed.org/version/1.1"}