KEV 2009
15 CISA Known Exploited Vulnerabilities from 2009
Critical 1
March 2022
High 12
May 2026
DirectX DirectShow QuickTime Parser — NULL Byte Overwrite in quartz.dll via Malicious .mov File Enables RCE; MS09-028 June 2009
CVSS 8.8Adobe Reader and Acrobat — Heap Buffer Overflow via Crafted PDF Enables RCE; APSB09-15 Emergency Out-of-Band Patch October 2009
CVSS 8.8April 2026
January 2026
June 2022
Adobe Acrobat and Reader — Array Bounds Violation in Universal 3D (U3D) Processing Enables Remote Code Execution via Malicious PDF
CVSS 8.8Microsoft Office Excel — Malformed Record Object in .XLS File Enables Remote Code Execution
CVSS 7.8Microsoft Office Word — Crafted Tag with Invalid Length Field Triggers Buffer Overflow and Code Execution
CVSS 7.8Adobe Flash Player / Acrobat and Reader — Flash Memory Corruption Enables Code Execution via PDF with Embedded Flash Content
CVSS 7.8Adobe Acrobat and Reader — newplayer() JavaScript Method Use-After-Free Zero-Day Enables Code Execution via Malicious PDF
CVSS 7.8March 2022
Adobe Reader and Acrobat — Stack Buffer Overflow Enables Remote Code Execution via Malicious PDF; Exploited Before Patch
CVSS 8.8Microsoft Windows Kernel — Improper Validation of Kernel Object Changes Enables Local Privilege Escalation via Crafted Application
CVSS 7.8Microsoft Excel — FEATHEADER Record Invalid cbHdrData Field Corrupts Pointer Offset; Code Execution via Malicious Spreadsheet
CVSS 7.8