CVE-2009-0927
HIGH KEVAdobe Acrobat Reader < 7.1.1 - Improper Input Validation
Title source: ruleDescription
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.
Exploits (6)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/16681
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/16606
exploitdb
WORKING POC
VERIFIED
by kralor · pythonlocalwindows
https://www.exploit-db.com/exploits/9579
exploitdb
WORKING POC
VERIFIED
by Abysssec · textlocalwindows
https://www.exploit-db.com/exploits/8595
metasploit
WORKING POC
GOOD
by MC · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_geticon.rb
metasploit
WORKING POC
GOOD
by MC · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/adobe_geticon.rb
References (17)
Scores
CVSS v3
8.8
EPSS
0.9331
EPSS Percentile
99.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CISA KEV
2022-03-25
VulnCheck KEV
2010-01-20
InTheWild.io
2022-03-25
ENISA EUVD
EUVD-2009-0924
CWE
CWE-121
CWE-20
Status
published
Products (1)
adobe/acrobat_reader
7.0 - 7.1.1
Published
Mar 19, 2009
KEV Added
Mar 25, 2022
Tracked Since
Feb 18, 2026