CVE-2009-2990

EXPLOITED

Adobe Acrobat < 9.1.3 - Numeric Error

Title source: rule

Description

Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotemultiple

https://www.exploit-db.com/exploits/16309

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Felipe Andres Manzano · textlocalmultiple

https://www.exploit-db.com/exploits/9990

View Code ZIP pw:eip

metasploit WORKING POC GOOD

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/fileformat/adobe_u3d_meshcont.rb

View Code ZIP pw:eip

References (6)

[Patch, Vendor Advisory] http://www.adobe.com/support/security/bulletins/apsb09-15.html

[Patch, US Government Resource] http://www.us-cert.gov/cas/techalerts/TA09-286B.html

[Patch, Vendor Advisory] http://www.vupen.com/english/advisories/2009/2898

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/36638

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6371

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1023007

Scores

EPSS 0.8912

EPSS Percentile 99.5%

Details

VulnCheck KEV 2010-01-20

CWE

CWE-189

Status published

Products (50)

adobe/acrobat 7.0

adobe/acrobat 7.0.1

adobe/acrobat 7.0.2

adobe/acrobat 7.0.3

adobe/acrobat 7.0.4

adobe/acrobat 7.0.5

adobe/acrobat 7.0.6

adobe/acrobat 7.0.7

adobe/acrobat 7.0.8

adobe/acrobat 7.0.9

... and 40 more

Published Oct 19, 2009

Tracked Since Feb 18, 2026