20 May 2026
Reference: CVE-2009-3459
1. What is being reported?
The report highlights a long-standing security weakness in Adobe Acrobat and Reader software versions before certain updates. Attackers can exploit this flaw by sending specially crafted PDF files that cause the software to malfunction and allow the attacker to take control of the affected computer.
2. What this means in plain English
For small organisations, this means that opening a malicious PDF could lead to serious security breaches, including theft of sensitive information or damage to your computer systems. If your Adobe software is outdated, your organisation could be vulnerable to these attacks.
3. Could this affect a small business?
Any small business, charity, or club using older versions of Adobe Acrobat or Reader may be at risk. Those who have updated their software to the latest versions or do not use these products are less likely to be affected.
4. What to do now
- Check which version of Adobe Acrobat or Reader you are using.
- Apply all available updates and patches from Adobe immediately.
- If updates are not available, consider discontinuing use of the affected software.
- Consult your IT provider to ensure any cloud services using these products follow recommended security guidance.
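
For the version check in the first step, an IT provider can list the Adobe Acrobat and Reader installs on a Windows PC with a script like the one below. This is an added example, not part of the original advisory; the `-MinimumVersion` parameter is a hypothetical name, and its value has to be the fixed version that Adobe's security bulletin gives for your product line.

```powershell
# Added example: inventory Adobe Acrobat/Reader installs on this Windows PC.
param(
    # Assumption: fixed version for your product line, taken from Adobe's
    # security bulletin (not stated on this page). Optional.
    [version]$MinimumVersion
)

# Uninstall keys for 64-bit, 32-bit and per-user installations.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$installs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^Adobe (Acrobat|Reader)' } |
    ForEach-Object {
        # Some entries carry no parseable version; report those for a manual check.
        $parsed = $null
        $ok = [version]::TryParse([string]$_.DisplayVersion, [ref]$parsed)
        $status = if (-not $ok) {
            'Unknown version, check manually'
        } elseif (-not $MinimumVersion) {
            'No threshold supplied'
        } elseif ($parsed -lt $MinimumVersion) {
            'OUTDATED'
        } else {
            'OK'
        }
        [pscustomobject]@{
            Name      = $_.DisplayName
            Version   = $_.DisplayVersion
            Publisher = $_.Publisher
            Status    = $status
        }
    }

if ($installs) {
    $installs | Sort-Object Name | Format-Table -AutoSize
} else {
    'No Adobe Acrobat or Reader installation found in the uninstall registry keys.'
}
```

Each product line has its own fixed version, so run the script once per threshold or review the listed versions by hand.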
5. Ask your IT provider
Can you confirm if our Adobe Acrobat and Reader software is up to date and protected against the known heap-based buffer overflow vulnerability reported in CVE-2009-3459?
6. Bottom line
Keep your Adobe software updated or stop using it to avoid being exploited by attackers using malicious PDFs.
Information based on CISA KEV, NVD, and reputable security reporting.