Security bulletin

Security updates available for buffer overflow issues in Adobe Reader and Acrobat

Release date: May 1, 2009

Last Updated: May 12, 2009

Vulnerability identifier: APSA09-02

CVE number: CVE-2009-1492, CVE-2009-1493

Platform: All Platforms


A critical vulnerability has been identified in Adobe Reader 9.1 and Acrobat 9.1 and earlier versions. This vulnerability (CVE-2009-1492) would cause the application to crash and could potentially allow an attacker to take control of the affected system. A second vulnerability has also been reported that appears to affect Adobe Reader for UNIX only (CVE-2009-1493).

Adobe has released product updates to Adobe Reader and Acrobat to resolve the relevant security issues. For more information, please refer to Security Bulletin APSB09-06.

Users may monitor the latest information on the Adobe Product Security Incident Response Team blog at the following URL: or by subscribing to the RSS feed here:

Affected software versions

Adobe Reader 9.1 and earlier versions
Adobe Acrobat Standard, Pro, and Pro Extended 9.1 and earlier versions

Severity rating

Adobe categorizes this as a critical update and recommends that users apply the update for their product installations.


May 12, 2009 - Advisory updated
May 1, 2009 - Advisory first created