CVE-2009-3431

Adobe Acrobat 9.x < 9.1.3, 8.x < 8.1.6, 7.x < 7.1.4 - Denial of Service via PDF Alert Method

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3431. PoCs published by Saint Patrick.

AI-analyzed exploit summary The provided text describes a stack-exhaustion vulnerability in Adobe Acrobat 9.1.1, leading to a denial-of-service (DoS) condition. Code execution is deemed unlikely, and the issue stems from inadequate boundary checks on user-supplied data.

Description

Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, 9.1.2, 9.1.1, and earlier 9.x versions; 8.1.6 and earlier 8.x versions; and possibly 7.1.4 and earlier 7.x versions allows remote attackers to cause a denial of service (application crash) via a PDF file with a large number of [ (open square bracket) characters in the argument to the alert method. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Saint Patrick · textdoslinux

https://www.exploit-db.com/exploits/33017

View Code ZIP pw:eip

The provided text describes a stack-exhaustion vulnerability in Adobe Acrobat 9.1.1, leading to a denial-of-service (DoS) condition. Code execution is deemed unlikely, and the issue stems from inadequate boundary checks on user-supplied data.

Classification

Writeup 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Theoretical

Target: Adobe Acrobat 9.1.1

No auth needed

Prerequisites: User interaction to open a malicious PDF file

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Various Sources x_refsource_confirm

http://www.adobe.com/support/security/bulletins/apsb09-15.html

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA09-286B.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1023007

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6532

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/2898

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/35148

Scores

EPSS 0.2143

EPSS Percentile 97.3%

Details

CWE

CWE-119

Status published

Products (18)

adobe/acrobat 7.0 (3 CPE variants)

adobe/acrobat 7.0.1 (3 CPE variants)

adobe/acrobat 7.0.2 (3 CPE variants)

adobe/acrobat 7.0.3 (3 CPE variants)

adobe/acrobat 7.0.4 (3 CPE variants)

adobe/acrobat 7.0.5 (3 CPE variants)

adobe/acrobat 7.0.6 (3 CPE variants)

adobe/acrobat 7.0.7 (3 CPE variants)

adobe/acrobat 7.0.8 (4 CPE variants)

adobe/acrobat 7.0.9 (2 CPE variants)

... and 8 more

Published Sep 25, 2009

Tracked Since Feb 18, 2026