CVE-1999-1576

Adobe Acrobat Reader 4.0 - Remote Code Execution via ActiveX pdf.setview Method

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-1576. PoCs published by Shane Hird.

AI-analyzed exploit summary This exploit leverages a buffer overflow in the Adobe Acrobat ActiveX control (pdf.ocx) via the setview method to execute arbitrary commands (CALC.EXE) by overwriting the return address with a JMP ESP instruction from Shell32.dll.

Description

Buffer overflow in Adobe Acrobat ActiveX control (pdf.ocx, PDF.PdfCtrl.1) 1.3.188 for Acrobat Reader 4.0 allows remote attackers to execute arbitrary code via the pdf.setview method.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Shane Hird · textremotewindows
https://www.exploit-db.com/exploits/19514

This exploit leverages a buffer overflow in the Adobe Acrobat ActiveX control (pdf.ocx) via the setview method to execute arbitrary commands (CALC.EXE) by overwriting the return address with a JMP ESP instruction from Shell32.dll.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Adobe Acrobat Viewer 4.0 (pdf.ocx 1.3.188)
No auth needed
Prerequisites: Victim must visit a malicious webpage with Internet Explorer 4.X · Adobe Acrobat Viewer 4.0 with vulnerable pdf.ocx installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/25919
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/666
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/3318
Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/28719

Scores

EPSS 0.1289
EPSS Percentile 95.8%

Details

Status published
Products (1)
adobe/acrobat_reader 4.0
Published Sep 27, 1999
Tracked Since Feb 18, 2026