CVE-2009-0658

HIGH EXPLOITED IN THE WILD

Adobe Reader <9.0 - Buffer Overflow

Title source: llm

Description

Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.

Exploits (6)

exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/16672
exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/16593
exploitdb STUB VERIFIED
by webDEViL · textdoswindows
https://www.exploit-db.com/exploits/8090
exploitdb WORKING POC VERIFIED
by Guido Landi · perldoswindows
https://www.exploit-db.com/exploits/8099
metasploit WORKING POC GOOD
by natron · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_jbig2decode.rb
metasploit WORKING POC GOOD
by natron · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/adobe_jbig2decode.rb

References (26)

... and 6 more

Scores

CVSS v3 7.8
EPSS 0.9201
EPSS Percentile 99.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2009-02-20
InTheWild.io 2019-09-27
CWE
CWE-119
Status published
Products (4)
adobe/acrobat 9.0
adobe/acrobat 7.0 - 7.1.1
adobe/acrobat_reader 9.0
adobe/acrobat_reader 7.0 - 7.1.1
Published Feb 20, 2009
Tracked Since Feb 18, 2026