CVE-2009-2990

EXPLOITED

Adobe Acrobat and Reader < 9.2 - Remote Code Execution

Exploitation Summary

CVE-2009-2990 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including Metasploit and Felipe Andres Manzano, among them the Metasploit module exploits/multi/fileformat/adobe_u3d_meshcont.

AI-analyzed exploit summary: This is a Metasploit module exploiting CVE-2009-2990, an array overflow in Adobe Reader/Acrobat via malformed U3D data in a PDF. It uses JavaScript heap spraying to achieve arbitrary code execution.

Description

Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · multiple
https://www.exploit-db.com/exploits/16309

This is a Metasploit module exploiting CVE-2009-2990, an array overflow in Adobe Reader/Acrobat via malformed U3D data in a PDF. It uses JavaScript heap spraying to achieve arbitrary code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Adobe Reader/Acrobat < 7.1.4, < 8.1.7, < 9.2
No auth needed
Prerequisites: Victim opens a malicious PDF file
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Felipe Andres Manzano · text · local · multiple
https://www.exploit-db.com/exploits/9990

This exploit targets a vulnerability in Adobe Acrobat Reader (CVE-2009-2990) by crafting a malicious U3D file embedded in a PDF. The exploit leverages an arbitrary dereference in the CLODProgressiveMeshContinuation block to achieve remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Adobe Acrobat Reader <=8.1.6, <=9.1.3
No auth needed
Prerequisites: Victim must open the malicious PDF file
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GOOD
ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/fileformat/adobe_u3d_meshcont.rb

This Metasploit module exploits a heap-based buffer overflow in Adobe Reader/Acrobat via a malformed U3D file embedded in a PDF. It uses JavaScript heap spraying to achieve arbitrary code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Adobe Reader/Acrobat < 7.1.4, < 8.1.7, < 9.2
No auth needed
Prerequisites: Victim opens malicious PDF
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36638
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6371
Patch, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA09-286B.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1023007
Patch, Vendor Advisory x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb09-15.html
Patch, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2898

Scores

EPSS 0.8795
EPSS Percentile 99.5%

Details

VulnCheck KEV: 2010-01-20
CWE: CWE-189
Status: published
Products (50)
adobe/acrobat 7.0
adobe/acrobat 7.0.1
adobe/acrobat 7.0.2
adobe/acrobat 7.0.3
adobe/acrobat 7.0.4
adobe/acrobat 7.0.5
adobe/acrobat 7.0.6
adobe/acrobat 7.0.7
adobe/acrobat 7.0.8
adobe/acrobat 7.0.9
... and 40 more
Published Oct 19, 2009
Tracked Since Feb 18, 2026