CVE-2009-3958

NOS Microsystems getPlus Helper <1.6.2.49 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3958. PoCs published by superli.

AI-analyzed exploit summary This exploit leverages a buffer overflow vulnerability in the ActiveX control (CLSID: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}) by supplying an excessively long string to the 'Service-URL' parameter, leading to remote code execution.

Description

Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow remote attackers to execute arbitrary code via unspecified initialization parameters.

Exploits (1)

exploitdb WORKING POC
by superli · htmlremotewindows
https://www.exploit-db.com/exploits/11172

This exploit leverages a buffer overflow vulnerability in the ActiveX control (CLSID: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}) by supplying an excessively long string to the 'Service-URL' parameter, leading to remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: ActiveX control (CLSID: {E2883E8F-472F-4fb0-9522-AC9BF37916A7})
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1023446
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8455
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/37759
Patch, Vendor Advisory x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb10-02.html
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0103
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/55556
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/773545
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA10-013A.html

Scores

EPSS 0.5259
EPSS Percentile 98.8%

Details

CWE
CWE-119
Status published
Products (50)
adobe/acrobat 3.0
adobe/acrobat 3.1
adobe/acrobat 4.0
adobe/acrobat 4.0.5
adobe/acrobat 4.0.5a
adobe/acrobat 4.0.5c
adobe/acrobat 5.0
adobe/acrobat 5.0.5
adobe/acrobat 5.0.6
adobe/acrobat 5.0.10
... and 40 more
Published Jan 13, 2010
Tracked Since Feb 18, 2026