CVE-2009-3459 is a critical remote code execution (RCE) vulnerability affecting Adobe Reader and Adobe Acrobat.

The vulnerability is caused by a buffer overflow and memory corruption flaw in the handling of specially crafted PDF files containing embedded JavaScript and malformed objects.

The vulnerability affects:

• Adobe Reader 9.1 and earlier
• Adobe Acrobat 9.1 and earlier

Affected platforms include:

• Microsoft Windows
• macOS
• Linux systems running vulnerable Adobe software

This vulnerability is wormable, meaning it can spread automatically across networks without user interaction.

Typical exploitation flow:

1. Malicious PDF creation
o The attacker crafts a PDF containing malformed objects or malicious JavaScript.

2. Delivery to victim
The PDF is distributed through:
o Phishing emails
o Malicious websites
o File-sharing platforms

3. Victim opens the PDF
o The file is opened using a vulnerable version of Adobe Reader or Acrobat.

4. Memory corruption triggered
o Improper parsing causes a buffer overflow or heap corruption condition.

5. Remote code execution
o The attacker executes arbitrary code with the privileges of the logged-in user.

CERTVU recommends the following:

Apply Adobe Security Updates (Critical)

• Upgrade to patched versions of:
  o Adobe Reader
  o Adobe Acrobat
• Apply Adobe security bulletin updates released after 2009