CVE-2009-2994

Adobe Acrobat and Reader < 9.1.3 - Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2994. PoCs published by Felipe Andres Manzano.

AI-analyzed exploit summary This exploit targets CVE-2009-2994, a memory corruption vulnerability in Adobe Acrobat Reader's U3D plugin. It constructs a malicious PDF with a crafted CLODMeshDeclaration to trigger an array overrun, potentially leading to arbitrary code execution.

Description

Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Felipe Andres Manzano · pythonlocalwindows

https://www.exploit-db.com/exploits/9865

View Code ZIP pw:eip

This exploit targets CVE-2009-2994, a memory corruption vulnerability in Adobe Acrobat Reader's U3D plugin. It constructs a malicious PDF with a crafted CLODMeshDeclaration to trigger an array overrun, potentially leading to arbitrary code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Theoretical

Target: Adobe Acrobat Reader 7.x, 8.x, 9.x

No auth needed

Prerequisites: Victim must open the malicious PDF file

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/36638

Patch, US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA09-286B.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1023007

Patch, Vendor Advisory x_refsource_confirm

http://www.adobe.com/support/security/bulletins/apsb09-15.html

Patch, Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/2898

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6156

Scores

EPSS 0.1845

EPSS Percentile 96.9%

Details

CWE

CWE-119

Status published

Products (50)

adobe/acrobat 7.0

adobe/acrobat 7.0.1

adobe/acrobat 7.0.2

adobe/acrobat 7.0.3

adobe/acrobat 7.0.4

adobe/acrobat 7.0.5

adobe/acrobat 7.0.6

adobe/acrobat 7.0.7

adobe/acrobat 7.0.8

adobe/acrobat 7.0.9

... and 40 more

Published Oct 19, 2009

Tracked Since Feb 18, 2026