Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2009-4324

Published: 15/12/2009 Updated: 30/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 945
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Adobe

Vulnerability Summary

Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x prior to 9.3, and 8.x prior to 8.2 on Windows and Mac OS X, allows remote malicious users to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

adobe acrobat reader 3.0

adobe acrobat reader 4.0

adobe acrobat reader 5.0.11

adobe acrobat reader 5.0.5

adobe acrobat 6.0.4

adobe acrobat 6.0.5

adobe acrobat 7.0.6

adobe acrobat 7.0.7

adobe acrobat reader 5.1

adobe acrobat reader 6.0

adobe acrobat reader 7.0.2

adobe acrobat reader 7.0.3

adobe acrobat reader 8.0

adobe acrobat reader 8.1

adobe acrobat reader

adobe acrobat reader 4.0.5c

adobe acrobat reader 4.5

adobe acrobat reader 5.0.9

adobe acrobat 6.0

adobe acrobat 7.0.2

adobe acrobat 7.0.3

adobe acrobat 8.0

adobe acrobat 8.1

adobe acrobat reader 6.0.3

adobe acrobat reader 6.0.4

adobe acrobat reader 6.0.5

adobe acrobat reader 7.0.6

adobe acrobat reader 7.0.7

adobe acrobat reader 9.1

adobe acrobat reader 5.0

adobe acrobat reader 5.0.10

adobe acrobat 6.0.1

adobe acrobat 6.0.2

adobe acrobat 6.0.3

adobe acrobat 7.0.4

adobe acrobat 7.0.5

adobe acrobat 8.1.1

adobe acrobat 8.1.2

adobe acrobat reader 7.0

adobe acrobat reader 7.0.1

adobe acrobat reader 7.0.8

adobe acrobat reader 7.0.9

adobe acrobat reader 8.1.1

adobe acrobat reader 4.0.5

adobe acrobat reader 4.0.5a

adobe acrobat reader 5.0.6

adobe acrobat reader 5.0.7

adobe acrobat 7.0

adobe acrobat 7.0.1

adobe acrobat 7.0.8

adobe acrobat 7.0.9

adobe acrobat reader 6.0.1

adobe acrobat reader 6.0.2

adobe acrobat reader 7.0.4

adobe acrobat reader 7.0.5

adobe acrobat reader 8.1.2

adobe acrobat reader 9.0

Vendor Advisories

Red Hat: Critical: acroread security and bug fix update
Synopsis Critical: acroread security and bug fix update Type/Severity Security Advisory: Critical Topic Updated acroread packages that fix multiple security issues and three bugsare now available for Red Hat Enterprise Linux 5 SupplementaryThis update has been rated as having critical security impact by th ...
Red Hat: Critical: acroread security update
Synopsis Critical: acroread security update Type/Severity Security Advisory: Critical Topic Updated acroread packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 4 ExtrasThis update has been rated as having critical security impact by the RedHat Security Response Team ...
Red Hat: Critical: acroread security update
Synopsis Critical: acroread security update Type/Severity Security Advisory: Critical Topic The acroread packages as shipped in Red Hat Enterprise Linux 3 Extrascontain security flaws and should not be usedThis update has been rated as having critical security impact by the RedHat Security Response Team ...

Exploits

Exploit DB: Adobe Reader / Acrobat Use-After-Free Calc.exe
Proof of concept code that generates a PDF file to be loaded by Adobe Reader or Acrobat It demonstrates a use-after-free vulnerability by spawning calcexe ...
Exploit DB: Adobe - 'Doc.media.newPlayer' Use-After-Free (Metasploit) (2)
## # $Id: adobe_media_newplayerrb 10477 2010-09-25 11:59:02Z mc $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' req ...
Exploit DB: Adobe - 'Doc.media.newPlayer' Use-After-Free (Metasploit) (1)
## # $Id: adobe_media_newplayerrb 9179 2010-04-30 08:40:19Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' r ...
Exploit DB: Adobe Reader / Acrobat - '.PDF' File Overflow
# # Author : Ahmed Obied (ahmedobied@gmailcom) # # This program generates a PDF file that exploits a vulnerability (CVE-2009-4324) # in Adobe Reader and Acrobat The generated PDF file was tested using Adobe # Reader 920 on Windows XP SP3 The exploit's payload spawns the calculator # # Usage : python adobe_newplayerpy [output fi ...

Recent Articles

Japan Quake Spam leads to Malware Part 3
Securelist • Nicolas Brulez • 21 Mar 2011

Last week, we published a blog post regarding the ongoing spam campaign using the recent earthquake in Japan to infect users. This is a follow up blog describing the exploits used. According to our analysis, it seems that the malicious links from the spam emails lead to websites hosting the Incognito Exploit Kit. Here is an interesting picture from the servers hosting the exploit kit: You can see below another example from the spam campaign, this time pretending to be an email from Twitter: The ...

Read more...
End of the Line for the Bredolab Botnet?
Securelist • Alexei Kadiev • 20 Dec 2010

On 25 October 2010, the Dutch police force’s Cybercrime Department announced the shutdown of 143 Bredolab botnet control servers. The next day at Armenia’s Yerevan international airport, one of those formerly responsible for running the botnet was arrested. While it is certainly possible that this marked the end of Bredolab, the technologies behind it remain and can, unfortunately, still be used to create new botnets. Malicious programs from the Backdoor.Win32.Bredolab family were first dete...

Read more...
Adobe Reader vuln hit with unusually advanced attack
The Register • Dan Goodin • 04 Jan 2010

Eight more days to go

With more than a week until Adobe is scheduled to patch a critical vulnerability in its Reader and Acrobat applications, online thugs are targeting it with an unusually sophisticated attack. The PDF file uses what's known as egg-hunting shellcode to compress the first phase of the malicious payload into 38 bytes, a tiny size that's designed to thwart anti-virus detection. As a result, just four of the 41 major AV programs detect the attack more than six days after the exploit surfaced, according...

Read more...

References

CWE-399http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.htmlhttp://www.symantec.com/connect/blogs/zero-day-xmas-presenthttp://www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rbhttp://www.securityfocus.com/bid/37331http://secunia.com/advisories/37690http://osvdb.org/60980http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.htmlhttp://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214http://www.vupen.com/english/advisories/2009/3518http://www.kb.cert.org/vuls/id/508357http://www.adobe.com/support/security/advisories/apsa09-07.htmlhttp://www.adobe.com/support/security/bulletins/apsb10-02.htmlhttp://www.us-cert.gov/cas/techalerts/TA10-013A.htmlhttp://www.vupen.com/english/advisories/2010/0103http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.htmlhttp://secunia.com/advisories/38138http://secunia.com/advisories/38215https://bugzilla.redhat.com/show_bug.cgi?id=547799http://www.redhat.com/support/errata/RHSA-2010-0060.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/54747https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6795https://access.redhat.com/errata/RHSA-2010:0037https://nvd.nist.govhttps://www.exploit-db.com/exploits/16623/https://www.kb.cert.org/vuls/id/508357
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook