What is the CVSS score of CVE-2009-0927?

CVE-2009-0927 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 93.3%.

Which versions of Adobe are affected by CVE-2009-0927?

Organizations using Adobe Reader and Adobe Acrobat 9 face significant risk from CVE-2009-0927, a input validation vulnerability rated CVSS 8.8.. A patch is available.

Is there a public PoC exploit available for CVE-2009-0927?

Yes, a public proof-of-concept exploit is available for CVE-2009-0927. Prioritise patching immediately. EPSS: 93.3%.

How to fix or mitigate CVE-2009-0927?

Within 24 hours: Identify all affected systems running Adobe Reader and Adobe Acrobat 9 and apply vendor patches immediately. Vendor patch is available.

Adobe CVE-2009-0927

HIGH

Improper Input Validation (CWE-20)

2009-03-19 cve@mitre.org

Adobe Buffer Overflow RCE

8.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.8 HIGH

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 21, 2026 - 15:22 vuln.today

cvss_changed

Analysis Generated

Mar 26, 2026 - 11:17 vuln.today

Added to CISA KEV

Oct 22, 2025 - 01:15 cisa

CISA KEV

PoC Detected

Oct 22, 2025 - 01:15 vuln.today

Public exploit code

Patch released

Oct 22, 2025 - 01:15 nvd

Patch available

CVE Published

Mar 19, 2009 - 10:30 nvd

HIGH 8.8

DescriptionCVE.org

Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.

AnalysisAI

Adobe Reader and Acrobat 9.x, 8.x, and 7.x contain a stack-based buffer overflow in the getIcon method of the Collab object that allows remote attackers to execute arbitrary code via a crafted PDF argument.

Technical ContextAI

The CWE-20 vulnerability is triggered when a PDF contains JavaScript that calls Collab.getIcon() with an overly long argument, overflowing the stack buffer and allowing the attacker to control the instruction pointer for arbitrary code execution.

RemediationAI

Upgrade to patched Adobe Reader/Acrobat versions. Modern systems should use alternative PDF readers with sandboxing. Disable JavaScript execution in PDF readers where possible.