CVE-2009-4324

Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.

Published: Dec 15, 2009
Updated: Jun 29, 2024
CVE: CVE-2009-4324
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-416
CWE-399

Affected Software
References

Software	From	Fixed in
adobe / acrobat	8.0	8.2
adobe / acrobat	9.0	9.3
adobe / acrobat_reader	8.0	8.2
adobe / acrobat_reader	9.0	9.3
opensuse / opensuse	11.1	11.1.x
opensuse / opensuse	11.2	11.2.x
suse / linux_enterprise_debuginfo	11	11.x
suse / linux_enterprise	10.0-sp3	10.0-sp3.x
suse / linux_enterprise	10.0-sp2	10.0-sp2.x

http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html
http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.html
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
http://osvdb.org/60980
http://secunia.com/advisories/37690
http://secunia.com/advisories/38138
http://secunia.com/advisories/38215
http://www.adobe.com/support/security/advisories/apsa09-07.html
http://www.adobe.com/support/security/bulletins/apsb10-02.html
http://www.kb.cert.org/vuls/id/508357
http://www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb
http://www.redhat.com/support/errata/RHSA-2010-0060.html
http://www.securityfocus.com/bid/37331
http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214
http://www.symantec.com/connect/blogs/zero-day-xmas-present
http://www.us-cert.gov/cas/techalerts/TA10-013A.html
http://www.vupen.com/english/advisories/2009/3518
http://www.vupen.com/english/advisories/2010/0103
https://bugzilla.redhat.com/show_bug.cgi?id=547799
https://exchange.xforce.ibmcloud.com/vulnerabilities/54747
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6795

Vulnerability Database

289,599

CVE-2009-4324