Adobe

Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability, tracked as CVE-2009-3459, that could allow remote attackers to execute arbitrary code via a crafted PDF file.

A local attacker can exploit multiple vulnerabilities in Adobe Creative Cloud applications to execute arbitrary program code, disclose confidential information, or cause a denial-of-service condition.

Adobe Substance3D Designer versions 15.1.0 and earlier are susceptible to an out-of-bounds write vulnerability (CVE-2026-34682) that can lead to arbitrary code execution if a user opens a specially crafted malicious file.

Adobe Illustrator versions 29.8.6, 30.3 and earlier are affected by a heap-based buffer overflow vulnerability (CVE-2026-34687) that can lead to arbitrary code execution if a user opens a malicious file.

Adobe Substance3D Painter versions 12.0.2 and earlier are vulnerable to an out-of-bounds write, potentially leading to arbitrary code execution if a user opens a malicious file.

Adobe Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability (CVE-2026-34637) that could lead to arbitrary code execution if a user opens a malicious file.

Adobe Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability (CVE-2026-34636) that could lead to arbitrary code execution when a user opens a malicious file.

Adobe patched CVE-2026-34621, a zero-day vulnerability in Acrobat and Reader exploited since December, allowing malicious PDFs to bypass sandboxes and execute arbitrary code, potentially leading to local file theft.

Attackers can maintain persistence by replacing the legitimate RdrCEF.exe executable with a malicious one, which is executed every time Adobe Acrobat Reader is launched.