CVE-2009-1493

EXPLOITED

Adobe Reader 9.1, 8.1.4, 7.1.1 and earlier - Remote Code Execution via customDictionaryOpen JavaScript Method

Title source: llm

Exploitation Summary

CVE-2009-1493 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Arr1val.

AI-analyzed exploit summary: This exploit targets a vulnerability in Adobe Reader by leveraging a heap spray technique to execute arbitrary shellcode. It uses a custom dictionary function to trigger the exploit, leading to remote code execution.

Description

The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Arr1val · text · remote · linux
https://www.exploit-db.com/exploits/8570

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Adobe Reader 9.1 and 8.1.4
No auth needed
Prerequisites: Victim must open a malicious PDF file containing this JavaScript exploit
mistral-large-3 · analyzed Feb 16, 2026

References (26)

Core References
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35734
Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34740
Third Party Advisory x_refsource_confirm
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA09-133B.html
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8570
Broken Link vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1189
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50146
Third Party Advisory x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb09-06.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/54129
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200907-06.xml
Broken Link vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34924
Broken Link vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1317
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1022139
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35358
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35055
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/970180
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35416
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-0478.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35096
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35152

Scores

EPSS 0.2183
EPSS Percentile 97.3%

Details

VulnCheck KEV: 2010-01-20
CWE: CWE-399
Status: published
Products (2): adobe/reader 8.1.4, adobe/reader 9.1
Published: Apr 30, 2009
Tracked Since: Feb 18, 2026