Vulnerability intelligence
CVE-2009-3459
Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability
Adobe Acrobat and Reader
Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October NOTE: some of these details are obtained from third party information.
CVSS Score
8.8
High
EPSS — Exploit Probability
88%
Riskier than 100% of all CVEs
Exploitation
Confirmed in the wild
Used in ransomware campaigns
Remediation
Patch available
Federal deadline 2026-06-03
CISA required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Deadline for federal agencies: 2026-06-03.
4 articles across 3 outlets · first covered May 20, 2026 · latest May 21, 2026
Coverage timeline
-
CISA Adds Critical Flaws in Windows, Office, Defender to KEV Listsecurityaffairs.com · May 21, 2026
-
CISA Updates KEV Catalog with New Actively Exploited Flawswww.cisa.gov · May 20, 2026
-
CISA Warns of Active Exploits in Adobe PDF Flaw CVE‑2009‑3459cisa.gov · May 20, 2026
-
CISA adds seven KEV flaws, including 2026 Microsoft Defender bugswww.cisa.gov · May 20, 2026