CVE-2009-1492

EXPLOITED

Adobe Acrobat and Reader 7.0-7.1.1 - Remote Code Execution via getAnnots Doc Method

Title source: llm

Exploitation Summary

CVE-2009-1492 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Arr1val.

AI-analyzed exploit summary This exploit targets a vulnerability in Adobe Reader 9.1 and 8.1.4 on Linux by leveraging a heap spray technique to overwrite memory with a NOP sled and shellcode, resulting in a bind shell on port 4444. The exploit uses JavaScript embedded in a PDF to trigger the vulnerability via the getAnnots function.

Description

The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Arr1val · textremotelinux

https://www.exploit-db.com/exploits/8569

View Code ZIP pw:eip

This exploit targets a vulnerability in Adobe Reader 9.1 and 8.1.4 on Linux by leveraging a heap spray technique to overwrite memory with a NOP sled and shellcode, resulting in a bind shell on port 4444. The exploit uses JavaScript embedded in a PDF to trigger the vulnerability via the getAnnots function.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Adobe Reader 9.1 and 8.1.4 on Linux

No auth needed

Prerequisites: A PDF with an annotation and embedded JavaScript · Victim interaction to open the malicious PDF

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (27)

Core 27

Core References

Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/8569

Vendor Advisory x_refsource_confirm

http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html

Third Party Advisory x_refsource_confirm

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953

Vendor Advisory x_refsource_misc

http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html

Vendor Advisory x_refsource_confirm

http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35734

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA09-133B.html

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/1189

Vendor Advisory x_refsource_confirm

http://www.adobe.com/support/security/bulletins/apsb09-06.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html

Exploit, Third Party Advisory x_refsource_misc

http://packetstorm.linuxsecurity.com/0904-exploits/getannots.txt

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200907-06.xml

Broken Link vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/34924

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/1317

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1022139

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35358

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35055

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/970180

Broken Link vdb-entry x_refsource_osvdb

http://osvdb.org/54130

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35416

Third Party Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2009-0478.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35096

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35152

Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/34736

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/50145

Scores

EPSS 0.6806

EPSS Percentile 98.6%

Details

VulnCheck KEV 2010-01-20

CWE

CWE-399

Status published

Products (2)

adobe/acrobat 7.0 - 7.1.1

adobe/acrobat_reader 7.0 - 7.1.1

Published Apr 30, 2009

Tracked Since Feb 18, 2026