CVE

CVE-2009-4324
Date: (C)2009-12-14   (M)2024-02-22


Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
BID-37331
SECUNIA-37690
SECUNIA-38138
SECUNIA-38215
OSVDB-60980
ADV-2009-3518
ADV-2010-0103
RHSA-2010:0060
SUSE-SA:2010:008
TA10-013A
VU#508357
acro-reader-unspecifed-code-execution(54747)
http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html
http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.html
http://www.adobe.com/support/security/advisories/apsa09-07.html
http://www.adobe.com/support/security/bulletins/apsb10-02.html
http://www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb
http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214
http://www.symantec.com/connect/blogs/zero-day-xmas-present
https://bugzilla.redhat.com/show_bug.cgi?id=547799
oval:org.mitre.oval:def:6795

CPE    57
cpe:/a:adobe:acrobat_reader:6.0
cpe:/a:adobe:acrobat_reader:4.0
cpe:/a:adobe:acrobat_reader:6.0.2
cpe:/a:adobe:acrobat_reader:6.0.1
...
CWE    1
CWE-399
OVAL    5
oval:org.secpod.oval:def:5337
oval:org.mitre.oval:def:6795
oval:org.secpod.oval:def:9998
oval:org.secpod.oval:def:5329
...

© SecPod Technologies