Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2009-4324 | First vendor Publication | 2009-12-14 |
Vendor | Cve | Last vendor Modification | 2025-02-13 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | |||
---|---|---|---|
Overall CVSS Score | 7.8 | ||
Base Score | 7.8 | Environmental Score | 7.8 |
impact SubScore | 5.9 | Temporal Score | 7.8 |
Exploitabality Sub Score | 1.8 | ||
Attack Vector | Local | Attack Complexity | Low |
Privileges Required | None | User Interaction | Required |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | High | Availability Impact | High |
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4324 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-416 | Use After Free |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:21374 | |||
Oval ID: | oval:org.mitre.oval:def:21374 | ||
Title: | RHSA-2010:0037: acroread security and bug fix update (Critical) | ||
Description: | Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0037-01 CVE-2009-3953 CVE-2009-3954 CVE-2009-3955 CVE-2009-3956 CVE-2009-3959 CVE-2009-4324 | Version: | 81 |
Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | acroread |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22917 | |||
Oval ID: | oval:org.mitre.oval:def:22917 | ||
Title: | ELSA-2010:0037: acroread security and bug fix update (Critical) | ||
Description: | Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0037-01 CVE-2009-3953 CVE-2009-3954 CVE-2009-3955 CVE-2009-3956 CVE-2009-3959 CVE-2009-4324 | Version: | 29 |
Platform(s): | Oracle Linux 5 | Product(s): | acroread |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6795 | |||
Oval ID: | oval:org.mitre.oval:def:6795 | ||
Title: | Adobe Reader and Acrobat Unspecified Code Execution Vulnerability | ||
Description: | Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-4324 | Version: | 16 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
Adobe Reader media.newPlayer Use-After-Free Code Execution | More info here |
ExploitDB Exploits
id | Description |
---|---|
2009-12-23 | Adobe Reader and Acrobat (CVE-2009-4324) Exploit |
OpenVAS Exploits
Date | Description |
---|---|
2011-03-09 | Name : Gentoo Security Advisory GLSA 201009-05 (acroread) File : nvt/glsa_201009_05.nasl |
2010-01-29 | Name : SuSE Update for acroread SUSE-SA:2010:008 File : nvt/gb_suse_2010_008.nasl |
2010-01-16 | Name : Adobe Reader/Acrobat Multiple Vulnerabilities - Jan10 (Win) File : nvt/gb_adobe_prdts_mult_vuln_jan10_win.nasl |
2010-01-16 | Name : Adobe Reader Multiple Vulnerabilities -jan10 (Linux) File : nvt/gb_adobe_reader_mult_vuln_jan10_lin.nasl |
2009-12-21 | Name : Adobe Reader Multimeda Doc.media.newPlayer Code Execution Vulnerability (Linux) File : nvt/gb_adobe_prdts_media_obj_remote_code_exec_vuln_dec09_lin.nasl |
2009-12-21 | Name : Adobe Reader/Acrobat Multimedia Doc.media.newPlayer Code Execution Vulnerabil... File : nvt/gb_adobe_prdts_media_obj_remote_code_exec_vuln_dec09_win.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
60980 | Adobe Reader / Acrobat Doc.media.newPlayer Use-After-Free Arbitrary Code Exec... Acrobat and Reader contain a flaw that may allow an attacker to execute arbitrary code. The issue is triggered by a use-after-free condition in Doc.media.newPlayer when parsing a specially crafted PDF file. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28743 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28742 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28741 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28740 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28739 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28738 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28737 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28736 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28735 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28734 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28733 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28732 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28731 - Revision : 6 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28730 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28729 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28728 - Revision : 6 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader compressed media.newPlayer memory corruption attempt RuleID : 28454 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 23506 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader compressed media.newPlayer memory corruption attempt RuleID : 23505 - Revision : 6 - Type : FILE-PDF |
2014-01-10 | Phoenix exploit kit post-compromise behavior RuleID : 21860 - Revision : 5 - Type : MALWARE-CNC |
2014-01-10 | Phoenix exploit kit landing page RuleID : 21640 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Adobe Acrobat Reader compressed media.newPlayer memory corruption attempt RuleID : 16334 - Revision : 18 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 16333 - Revision : 18 - Type : FILE-PDF |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0037.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0038.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0060.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread-6802.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread-6803.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread_ja-6804.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread_ja-6805.nasl - Type : ACT_GATHER_INFO |
2010-09-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201009-05.nasl - Type : ACT_GATHER_INFO |
2010-02-02 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_acroread_ja-100128.nasl - Type : ACT_GATHER_INFO |
2010-01-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_acroread-100122.nasl - Type : ACT_GATHER_INFO |
2010-01-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_acroread-100122.nasl - Type : ACT_GATHER_INFO |
2010-01-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_acroread-100122.nasl - Type : ACT_GATHER_INFO |
2010-01-25 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_acroread-100122.nasl - Type : ACT_GATHER_INFO |
2010-01-13 | Name : The version of Adobe Acrobat on the remote Windows host is affected by multip... File : adobe_acrobat_apsb10-02.nasl - Type : ACT_GATHER_INFO |
2010-01-13 | Name : The PDF file viewer on the remote Windows host is affected by multiple vulner... File : adobe_reader_apsb10-02.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2025-02-13 21:22:23 |
|
2025-02-05 00:21:48 |
|
2024-12-19 21:21:26 |
|
2024-11-28 23:09:45 |
|
2024-11-28 12:20:23 |
|
2024-10-12 01:12:17 |
|
2024-09-06 01:11:51 |
|
2024-07-20 01:11:19 |
|
2024-06-28 21:28:01 |
|
2022-10-19 01:09:15 |
|
2021-05-04 12:10:36 |
|
2021-04-22 01:11:04 |
|
2020-05-23 13:16:54 |
|
2020-05-23 01:41:12 |
|
2020-05-23 00:24:42 |
|
2018-10-31 00:20:00 |
|
2017-09-19 09:23:31 |
|
2017-08-17 09:22:48 |
|
2016-06-28 17:55:25 |
|
2016-04-26 19:19:06 |
|
2014-02-17 10:52:41 |
|
2014-01-19 21:26:24 |
|
2013-05-11 00:02:26 |
|