CVE-2009-2990 [Critical] | Security Vulnerability in Acrobat

EDB-ID	Source	Kind	Published	Link
16309	exploit_db	edb	2010-09-20	Exploit-DB ↗
9990	exploit_db	edb	2009-11-09	Exploit-DB ↗

EDB-ID

Source

Kind

Published

Link

16309

exploit_db

edb

2010-09-20

Exploit-DB ↗

9990

exploit_db

edb

2009-11-09

Exploit-DB ↗

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-05-29	87.95%	88.47%	+0.52%
2	2026-05-07	89.12%	87.95%	-1.17%
3	2026-02-09	—	89.12%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-05-29

87.95%

88.47%

+0.52%

2026-05-07

89.12%

87.95%

-1.17%

2026-02-09

—

89.12%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
9.3	2.0	HIGH	`AV:N/AC:M/Au:N/C:C/I:C/A:C` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:M) Exploitation needs some favorable conditions, but not exceptional ones. Authentication (AU:N) No authentication is required. Confidentiality impact (C:C) Complete confidentiality impact. Integrity impact (I:C) Complete integrity impact. Availability impact (A:C) Complete availability impact.	8.6	10.0	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

9.3

2.0

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:M): Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:C): Complete confidentiality impact.
Integrity impact (I:C): Complete integrity impact.
Availability impact (A:C): Complete availability impact.

8.6

10.0

[email protected]

OS Trackers for CVE-2009-2990

vendor	priority	summary	link
`gentoo`	normal	CVE-2009-2990: 1 GLSA(s) (200910-03), 1 atom(s) (app-text/acroread); latest impact normal.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2009-2990
`redhat`	critical	—	https://access.redhat.com/security/cve/CVE-2009-2990
`ubuntu`	medium	CVE-2009-2990 medium priority: Ubuntu including 1 source packages (acroread), 6 status rows across 6 suites (dapper, hardy, intrepid, jaunty, karmic, upstream): released 5, ignored 1.	https://ubuntu.com/security/CVE-2009-2990

NVD evaluator notes for CVE-2009-2990

Impact: Per: http://www.adobe.com/support/security/bulletins/apsb09-15.html Summary Critical vulnerabilities have been identified in Adobe Reader 9.1.3 and Acrobat 9.1.3, Adobe Reader 8.1.6 and Acrobat 8.1.6 for Windows, Macintosh and UNIX, and Adobe Reader 7.1.3 and Acrobat 7.1.3 for Windows and Macintosh. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system. This update represents the second quarterly security update for Adobe Reader and Acrobat. Adobe recommends users of Adobe Reader 9.1.3 and Acrobat 9.1.3 and earlier versions update to Adobe Reader 9.2 and Acrobat 9.2. Adobe recommends users of Acrobat 8.1.6 and earlier versions update to Acrobat 8.1.7, and users of Acrobat 7.1.3 and earlier versions update to Acrobat 7.1.4. For Adobe Reader users who cannot update to Adobe Reader 9.2, Adobe has provided the Adobe Reader 8.1.7 and Adobe Reader 7.1.4 updates. Updates apply to all platforms: Windows, Macintosh and UNIX. Affected software versions Adobe Reader 9.1.3 and earlier versions for Windows, Macintosh, and UNIX Adobe Acrobat 9.1.3 and earlier versions for Windows and Macintosh

Solution: Per: http://www.adobe.com/support/security/bulletins/apsb09-15.html Solution Adobe Reader Adobe Reader users on Windows can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows. Adobe Reader users on Macintosh can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh. Adobe Reader users on UNIX can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Unix. Acrobat Acrobat Standard and Pro users on Windows can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows. Acrobat Pro Extended users on Windows can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows Acrobat 3D users on Windows can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows. Acrobat Pro users on Macintosh can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh.

Affected software / configurations for CVE-2009-2990

Vendor	Product	Version	Raw CPE
adobe	acrobat	<= 9.1.3	cpe:2.3:a:adobe:acrobat::::::::
adobe	acrobat	7.0	cpe:2.3:a:adobe:acrobat:7.0:::::::*
adobe	acrobat	7.0.1	cpe:2.3:a:adobe:acrobat:7.0.1:::::::*
adobe	acrobat	7.0.2	cpe:2.3:a:adobe:acrobat:7.0.2:::::::*
adobe	acrobat	7.0.3	cpe:2.3:a:adobe:acrobat:7.0.3:::::::*
adobe	acrobat	7.0.4	cpe:2.3:a:adobe:acrobat:7.0.4:::::::*
adobe	acrobat	7.0.5	cpe:2.3:a:adobe:acrobat:7.0.5:::::::*
adobe	acrobat	7.0.6	cpe:2.3:a:adobe:acrobat:7.0.6:::::::*
adobe	acrobat	7.0.7	cpe:2.3:a:adobe:acrobat:7.0.7:::::::*
adobe	acrobat	7.0.8	cpe:2.3:a:adobe:acrobat:7.0.8:::::::*
adobe	acrobat	7.0.9	cpe:2.3:a:adobe:acrobat:7.0.9:::::::*
adobe	acrobat	7.1.0	cpe:2.3:a:adobe:acrobat:7.1.0:::::::*
adobe	acrobat	7.1.1	cpe:2.3:a:adobe:acrobat:7.1.1:::::::*
adobe	acrobat	7.1.3	cpe:2.3:a:adobe:acrobat:7.1.3:::::::*
adobe	acrobat	8.0	cpe:2.3:a:adobe:acrobat:8.0:::::::*
adobe	acrobat	8.1	cpe:2.3:a:adobe:acrobat:8.1:::::::*
adobe	acrobat	8.1.1	cpe:2.3:a:adobe:acrobat:8.1.1:::::::*
adobe	acrobat	8.1.2	cpe:2.3:a:adobe:acrobat:8.1.2:::::::*
adobe	acrobat	8.1.3	cpe:2.3:a:adobe:acrobat:8.1.3:::::::*
adobe	acrobat	8.1.4	cpe:2.3:a:adobe:acrobat:8.1.4:::::::*
adobe	acrobat	8.1.6	cpe:2.3:a:adobe:acrobat:8.1.6:::::::*
adobe	acrobat	9.0	cpe:2.3:a:adobe:acrobat:9.0:::::::*
adobe	acrobat	9.1.1	cpe:2.3:a:adobe:acrobat:9.1.1:::::::*
adobe	acrobat	9.1.2	cpe:2.3:a:adobe:acrobat:9.1.2:::::::*
adobe	acrobat_reader	<= 9.1.3	cpe:2.3:a:adobe:acrobat_reader::::::::
adobe	acrobat_reader	7.0	cpe:2.3:a:adobe:acrobat_reader:7.0:::::::*
adobe	acrobat_reader	7.0.1	cpe:2.3:a:adobe:acrobat_reader:7.0.1:::::::*
adobe	acrobat_reader	7.0.2	cpe:2.3:a:adobe:acrobat_reader:7.0.2:::::::*
adobe	acrobat_reader	7.0.3	cpe:2.3:a:adobe:acrobat_reader:7.0.3:::::::*
adobe	acrobat_reader	7.0.4	cpe:2.3:a:adobe:acrobat_reader:7.0.4:::::::*
adobe	acrobat_reader	7.0.5	cpe:2.3:a:adobe:acrobat_reader:7.0.5:::::::*
adobe	acrobat_reader	7.0.6	cpe:2.3:a:adobe:acrobat_reader:7.0.6:::::::*
adobe	acrobat_reader	7.0.7	cpe:2.3:a:adobe:acrobat_reader:7.0.7:::::::*
adobe	acrobat_reader	7.0.8	cpe:2.3:a:adobe:acrobat_reader:7.0.8:::::::*
adobe	acrobat_reader	7.0.9	cpe:2.3:a:adobe:acrobat_reader:7.0.9:::::::*
adobe	acrobat_reader	7.1.0	cpe:2.3:a:adobe:acrobat_reader:7.1.0:::::::*
adobe	acrobat_reader	7.1.1	cpe:2.3:a:adobe:acrobat_reader:7.1.1:::::::*
adobe	acrobat_reader	7.1.3	cpe:2.3:a:adobe:acrobat_reader:7.1.3:::::::*
adobe	acrobat_reader	8.0	cpe:2.3:a:adobe:acrobat_reader:8.0:::::::*
adobe	acrobat_reader	8.1	cpe:2.3:a:adobe:acrobat_reader:8.1:::::::*
adobe	acrobat_reader	8.1.1	cpe:2.3:a:adobe:acrobat_reader:8.1.1:::::::*
adobe	acrobat_reader	8.1.2	cpe:2.3:a:adobe:acrobat_reader:8.1.2:::::::*
adobe	acrobat_reader	8.1.3	cpe:2.3:a:adobe:acrobat_reader:8.1.3:::::::*
adobe	acrobat_reader	8.1.4	cpe:2.3:a:adobe:acrobat_reader:8.1.4:::::::*
adobe	acrobat_reader	8.1.5	cpe:2.3:a:adobe:acrobat_reader:8.1.5:::::::*
adobe	acrobat_reader	8.1.6	cpe:2.3:a:adobe:acrobat_reader:8.1.6:::::::*
adobe	acrobat_reader	9.0	cpe:2.3:a:adobe:acrobat_reader:9.0:::::::*
adobe	acrobat_reader	9.1	cpe:2.3:a:adobe:acrobat_reader:9.1:::::::*
adobe	acrobat_reader	9.1.1	cpe:2.3:a:adobe:acrobat_reader:9.1.1:::::::*
adobe	acrobat_reader	9.1.2	cpe:2.3:a:adobe:acrobat_reader:9.1.2:::::::*

References for CVE-2009-2990

URL	Tags
http://securitytracker.com/id?1023007
http://www.adobe.com/support/security/bulletins/apsb09-15.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/36638
http://www.us-cert.gov/cas/techalerts/TA09-286B.html	Patch US Government Resource
http://www.vupen.com/english/advisories/2009/2898	Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6371

URL

CVE-2009-2990

Public exploit references (Exploit-DB) for CVE-2009-2990

Exploit prediction scoring system (EPSS) score for CVE-2009-2990

Common vulnerability scoring system (CVSS) metrics for CVE-2009-2990

Weakness enumeration for CVE-2009-2990

OS Trackers for CVE-2009-2990

NVD evaluator notes for CVE-2009-2990

Affected software / configurations for CVE-2009-2990

References for CVE-2009-2990