9.3 - VU#508357

Executive Summary

Summary
Title	Adobe Acrobat and Reader contain a use-after-free vulnerability in the JavaScript Doc.media.newPlayer method

Informations
Name	VU#508357	First vendor Publication	2009-12-15
Vendor	VU-CERT	Last vendor Modification	2010-06-18
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#508357

Adobe Acrobat and Reader contain a use-after-free vulnerability in the JavaScript Doc.media.newPlayer method

Overview

The Doc.media.newPlayer method in Adobe Acrobat and Reader contains a use-after-free vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

I. Description

Adobe Reader and the Adobe Acrobat family of software are designed to create, view, and edit Portable Document Format (PDF) files. Adobe Reader is widely deployed, and the Acrobat Reader Plug-In displays PDF inside a web browser.

Adobe Reader and Acrobat support JavaScript. The newplayer() method of the Doc.media object contains a use-after-free vulnerability, which can result in an exploitable memory access violation. This vulnerability is currently being exploited in the wild. Exploit code for this vulnerability is publicly available.

II. Impact

By convincing a user to open a malicious PDF file, an attacker may be able to execute code or cause a vulnerable PDF viewer to crash. The PDF could be emailed as an attachment or hosted on a website.

III. Solution

Apply an update

This issue is addressed in Adobe Reader 9.3 and 8.2. Please see Adobe Security Bulletin APSB10-02 for details. Please also consider the following workarounds:

Enable Data Execution Prevention (DEP) in Microsoft Windows

Consider enabling Data Execution Prevention (DEP) in supported versions of Windows. DEP should not be treated as a complete workaround, but it can help mitigate the execution of attacker-supplied code in some cases. Microsoft has published detailed technical information about DEP in Security Research & Defense blog posts "Understanding DEP as a mitigation technology" part 1 and part 2. Use of DEP should be considered in conjunction with the application of patches or other mitigations described in this document.

Disable JavaScript in Adobe Reader and Acrobat

Disabling JavaScript prevents these vulnerabilities from being exploited and reduces attack surface. If this workaround is applied to updated versions of Adobe Reader and Acrobat, it may protect against future vulnerabilities.

To disable JavaScript in Adobe Reader:

Open Adobe Acrobat Reader.
Open the Edit menu.
Choose the Preferences... option.
Choose the JavaScript section.
Uncheck the Enable Acrobat JavaScript checkbox.

Disabling JavaScript will not resolve the vulnerabilities, it will only disable the vulnerable JavaScript component. When JavaScript is disabled, Adobe Reader and Acrobat prompt to re-enable JavaScript when opening a PDF that contains JavaScript.

Prevent Internet Explorer from automatically opening PDF documents

The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to the safer option of prompting the user by importing the following as a .REG file:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOTAcroExch.Document.7]

"EditFlags"=hex:00,00,00,00

Disable the displaying of PDF documents in the web browser

Preventing PDF documents from opening inside a web browser reduces attack surface. If this workaround is applied to updated versions of Adobe Reader and Acrobat, it may protect against future vulnerabilities.

To prevent PDF documents from automatically being opened in a web browser with Adobe Reader:

Open Adobe Acrobat Reader.
Open the Edit menu.
Choose the Preferences... option.
Choose the Internet section.
Uncheck the Display PDF in browser checkbox.

Block the use of the Doc.media.newPlayer method

This specific vulnerability can be mitigated by blocking the use of the newPlayer() method through use of the Adobe Reader and Acrobat JavaScript Blacklist Framework. Windows users can obtain a ZIP file of .REG files that disable the newPlayer() method of the Doc.media object. Upon opening a PDF that attempts to use this method, Adobe Reader and Acrobat will warn the user that a JavaScript that the document uses is disabled for security reasons. Mac and Linux users should see the Blacklist Framework document for details about how to implement the workaround.

Systems Affected

Vendor	Status	Date Notified	Date Updated
Adobe	Vulnerable	2009-12-15	2010-01-13

References

http://www.adobe.com/support/security/advisories/apsa09-07.html
http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html
http://kb2.adobe.com/cps/532/cpsid_53237.html
http://osvdb.org/show/osvdb/60980
http://secunia.com/advisories/37690/
http://www.symantec.com/connect/blogs/zero-day-xmas-present
http://voices.washingtonpost.com/securityfix/2009/12/hackers_target_unpatched_adobe.html
http://vrt-sourcefire.blogspot.com/2009/12/this-is-what-happens-when-you-try-to-do.html

Credit

Thanks to Adobe PSIRT for reporting this vulnerability.

This document was written by Will Dormann.

Other Information

Date Public:	2009-12-14
Date First Published:	2009-12-15
Date Last Updated:	2010-06-18
CERT Advisory:
CVE-ID(s):	CVE-2009-4324
NVD-ID(s):	CVE-2009-4324
US-CERT Technical Alerts:
Metric:	65.84
Document Revision:	18

Original Source

Url : http://www.kb.cert.org/vuls/id/508357

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-399	Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21374

Oval ID:	oval:org.mitre.oval:def:21374
Title:	RHSA-2010:0037: acroread security and bug fix update (Critical)
Description:	Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.
Family:	unix	Class:	patch
Reference(s):	RHSA-2010:0037-01 CVE-2009-3953 CVE-2009-3954 CVE-2009-3955 CVE-2009-3956 CVE-2009-3959 CVE-2009-4324	Version:	81
Platform(s):	Red Hat Enterprise Linux 5	Product(s):	acroread
Definition Synopsis:
The operating system installed on the system is Red Hat Enterprise Linux 5 Packages section acroread-plugin is earlier than 0:9.3-1.el5 AND acroread is earlier than 0:9.3-1.el5

Definition Id: oval:org.mitre.oval:def:22917

Oval ID:	oval:org.mitre.oval:def:22917
Title:	ELSA-2010:0037: acroread security and bug fix update (Critical)
Description:	Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.
Family:	unix	Class:	patch
Reference(s):	ELSA-2010:0037-01 CVE-2009-3953 CVE-2009-3954 CVE-2009-3955 CVE-2009-3956 CVE-2009-3959 CVE-2009-4324	Version:	29
Platform(s):	Oracle Linux 5	Product(s):	acroread
Definition Synopsis:
Oracle Linux 5.x rpm test acroread-plugin is earlier than 0:9.3-1.el5 AND acroread is earlier than 0:9.3-1.el5

Definition Id: oval:org.mitre.oval:def:6795

Oval ID:	oval:org.mitre.oval:def:6795
Title:	Adobe Reader and Acrobat Unspecified Code Execution Vulnerability
Description:	Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-4324	Version:	16
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than or equal 8.1.7 AND Adobe Reader library is less than or equal to 8.1.7 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than or equal 9.2.0 AND Adobe Reader library is less than or equal to 9.2.0 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than or equal 8.1.7 AND Adobe Acrobat library is less than or equal to 8.1.7 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 9, the sub-version is vulnerable Adobe Acrobat is less than or equal 9.2.0 AND Adobe Acrobat library is less than or equal to 9.2.0

CPE : Common Platform Enumeration

Type	Description	Count
Application	Adobe Acrobat cpe:2.3:a:adobe:acrobat:9.2:::::::* cpe:2.3:a:adobe:acrobat:9.2:-:::::: cpe:2.3:a:adobe:acrobat:9.1.3:::::::* cpe:2.3:a:adobe:acrobat:9.1.3:-:::::: cpe:2.3:a:adobe:acrobat:9.1.2:::::::* cpe:2.3:a:adobe:acrobat:9.1.1:::::::* cpe:2.3:a:adobe:acrobat:9.1.1:-:::::: cpe:2.3:a:adobe:acrobat:9.1:::::::* cpe:2.3:a:adobe:acrobat:9.1::standard::::: cpe:2.3:a:adobe:acrobat:9.1:-:pro:::::* cpe:2.3:a:adobe:acrobat:9.0.0:::::::* cpe:2.3:a:adobe:acrobat:9.0:::::::* cpe:2.3:a:adobe:acrobat:9.0::standard::::: cpe:2.3:a:adobe:acrobat:9.0::professional::::: cpe:2.3:a:adobe:acrobat:9.0:-:pro:::::* cpe:2.3:a:adobe:acrobat:9:::::::* cpe:2.3:a:adobe:acrobat:8.2.6:::::::* cpe:2.3:a:adobe:acrobat:8.2.5:::::::* cpe:2.3:a:adobe:acrobat:8.2.4:::::::* cpe:2.3:a:adobe:acrobat:8.2.3:::::::* cpe:2.3:a:adobe:acrobat:8.2.2:::::::* cpe:2.3:a:adobe:acrobat:8.2.1:::::::* cpe:2.3:a:adobe:acrobat:8.2:::::::* cpe:2.3:a:adobe:acrobat:8.1.7:::::::* cpe:2.3:a:adobe:acrobat:8.1.6:::::::* cpe:2.3:a:adobe:acrobat:8.1.5:::::::* cpe:2.3:a:adobe:acrobat:8.1.4:::::::* cpe:2.3:a:adobe:acrobat:8.1.4::standard::::: cpe:2.3:a:adobe:acrobat:8.1.4::professional::::: cpe:2.3:a:adobe:acrobat:8.1.3:::::::* cpe:2.3:a:adobe:acrobat:8.1.3::standard::::: cpe:2.3:a:adobe:acrobat:8.1.3::professional::::: cpe:2.3:a:adobe:acrobat:8.1.3:-:pro:::::* cpe:2.3:a:adobe:acrobat:8.1.2:::::::* cpe:2.3:a:adobe:acrobat:8.1.2::standard::::: cpe:2.3:a:adobe:acrobat:8.1.2::professional::::: cpe:2.3:a:adobe:acrobat:8.1.2:security_update:professional:::::* cpe:2.3:a:adobe:acrobat:8.1.2:unknown:3d:::::* cpe:2.3:a:adobe:acrobat:8.1.2:unknown:professional:::::* cpe:2.3:a:adobe:acrobat:8.1.2:unknown:standard:::::* cpe:2.3:a:adobe:acrobat:8.1.2:-:pro:::::* cpe:2.3:a:adobe:acrobat:8.1.1:::::::* cpe:2.3:a:adobe:acrobat:8.1.1::standard::::: cpe:2.3:a:adobe:acrobat:8.1.1::professional::::: cpe:2.3:a:adobe:acrobat:8.1.1:unknown:professional:::::* cpe:2.3:a:adobe:acrobat:8.1.1:unknown:standard:::::* cpe:2.3:a:adobe:acrobat:8.1.1:unknown:3d:::::* cpe:2.3:a:adobe:acrobat:8.1:::::::* cpe:2.3:a:adobe:acrobat:8.1::standard::::: cpe:2.3:a:adobe:acrobat:8.1::windows::::: cpe:2.3:a:adobe:acrobat:8.0:::::::* cpe:2.3:a:adobe:acrobat:8.0::professional::::: cpe:2.3:a:adobe:acrobat:8.0::standard::::: cpe:2.3:a:adobe:acrobat:8.0:-:pro:::::* cpe:2.3:a:adobe:acrobat:8:::::::* cpe:2.3:a:adobe:acrobat:7.1.4:::::::* cpe:2.3:a:adobe:acrobat:7.1.3:::::::* cpe:2.3:a:adobe:acrobat:7.1.2:::::::* cpe:2.3:a:adobe:acrobat:7.1.1:::::::* cpe:2.3:a:adobe:acrobat:7.1.1::standard::::: cpe:2.3:a:adobe:acrobat:7.1.0:::::::* cpe:2.3:a:adobe:acrobat:7.1::standard::::: cpe:2.3:a:adobe:acrobat:7.1:::::::* cpe:2.3:a:adobe:acrobat:7.1::professional::::: cpe:2.3:a:adobe:acrobat:7.0.9:::::::* cpe:2.3:a:adobe:acrobat:7.0.9::professional::::: cpe:2.3:a:adobe:acrobat:7.0.8:::::::* cpe:2.3:a:adobe:acrobat:7.0.8::elements::::: cpe:2.3:a:adobe:acrobat:7.0.8::standard::::: cpe:2.3:a:adobe:acrobat:7.0.8::professional::::: cpe:2.3:a:adobe:acrobat:7.0.7:::::::* cpe:2.3:a:adobe:acrobat:7.0.7::professional::::: cpe:2.3:a:adobe:acrobat:7.0.7::standard::::: cpe:2.3:a:adobe:acrobat:7.0.6:::::::* cpe:2.3:a:adobe:acrobat:7.0.6::professional::::: cpe:2.3:a:adobe:acrobat:7.0.6::standard::::: cpe:2.3:a:adobe:acrobat:7.0.5:::::::* cpe:2.3:a:adobe:acrobat:7.0.5::professional::::: cpe:2.3:a:adobe:acrobat:7.0.5::standard::::: cpe:2.3:a:adobe:acrobat:7.0.4:::::::* cpe:2.3:a:adobe:acrobat:7.0.4::professional::::: cpe:2.3:a:adobe:acrobat:7.0.4::standard::::: cpe:2.3:a:adobe:acrobat:7.0.3:::::::* cpe:2.3:a:adobe:acrobat:7.0.3::professional::::: cpe:2.3:a:adobe:acrobat:7.0.3::standard::::: cpe:2.3:a:adobe:acrobat:7.0.2:::::::* cpe:2.3:a:adobe:acrobat:7.0.2::professional::::: cpe:2.3:a:adobe:acrobat:7.0.2::standard::::: cpe:2.3:a:adobe:acrobat:7.0.1:::::::* cpe:2.3:a:adobe:acrobat:7.0.1::professional::::: cpe:2.3:a:adobe:acrobat:7.0.1::standard::::: cpe:2.3:a:adobe:acrobat:7.0:::::::* cpe:2.3:a:adobe:acrobat:7.0::standard::::: cpe:2.3:a:adobe:acrobat:7.0::professional::::: cpe:2.3:a:adobe:acrobat:7.0:-:pro:::::* cpe:2.3:a:adobe:acrobat:7:::::::* cpe:2.3:a:adobe:acrobat:6.0.6:::::::* cpe:2.3:a:adobe:acrobat:6.0.5:::::::* cpe:2.3:a:adobe:acrobat:6.0.4:::::::* cpe:2.3:a:adobe:acrobat:6.0.4::mac_os_x::::: cpe:2.3:a:adobe:acrobat:6.0.3:::::::* cpe:2.3:a:adobe:acrobat:6.0.3::mac_os_x::::: cpe:2.3:a:adobe:acrobat:6.0.2:::::::* cpe:2.3:a:adobe:acrobat:6.0.2::mac_os_x::::: cpe:2.3:a:adobe:acrobat:6.0.1:::::::* cpe:2.3:a:adobe:acrobat:6.0.1::mac_os_x::::: cpe:2.3:a:adobe:acrobat:6.0:::::::* cpe:2.3:a:adobe:acrobat:6.0::mac_os_x::::: cpe:2.3:a:adobe:acrobat:5.0.6:::::::* cpe:2.3:a:adobe:acrobat:5.0.5:::::::* cpe:2.3:a:adobe:acrobat:5.0.5::mac_os_x::::: cpe:2.3:a:adobe:acrobat:5.0.10:::::::* cpe:2.3:a:adobe:acrobat:5.0.10::mac_os_x::::: cpe:2.3:a:adobe:acrobat:5.0:::::::* cpe:2.3:a:adobe:acrobat:5.0::mac_os_x::::: cpe:2.3:a:adobe:acrobat:4.0.5c:::::::* cpe:2.3:a:adobe:acrobat:4.0.5c::mac_os_x::::: cpe:2.3:a:adobe:acrobat:4.0.5a:::::::* cpe:2.3:a:adobe:acrobat:4.0.5a::mac_os_x::::: cpe:2.3:a:adobe:acrobat:4.0.5:::::::* cpe:2.3:a:adobe:acrobat:4.0.5::mac_os_x::::: cpe:2.3:a:adobe:acrobat:4.0:::::::* cpe:2.3:a:adobe:acrobat:4.0::mac_os_x::::: cpe:2.3:a:adobe:acrobat:3.1:::::::* cpe:2.3:a:adobe:acrobat:3.1::mac_os_x::::: cpe:2.3:a:adobe:acrobat:3.0:::::::* cpe:2.3:a:adobe:acrobat:3.0::mac_os_x::::: cpe:2.3:a:adobe:acrobat:::::::: cpe:2.3:a:adobe:acrobat:::::classic:::*	129
Application	Adobe Acrobat Reader cpe:2.3:a:adobe:acrobat_reader:9.2:::::::* cpe:2.3:a:adobe:acrobat_reader:9.1.3:::::::* cpe:2.3:a:adobe:acrobat_reader:9.1.2:::::::* cpe:2.3:a:adobe:acrobat_reader:9.1.1:::::::* cpe:2.3:a:adobe:acrobat_reader:9.1:::::::* cpe:2.3:a:adobe:acrobat_reader:9.0:::::::* cpe:2.3:a:adobe:acrobat_reader:9:::::::* cpe:2.3:a:adobe:acrobat_reader:8.3:::::::* cpe:2.3:a:adobe:acrobat_reader:8.2.6:::::::* cpe:2.3:a:adobe:acrobat_reader:8.2.4:::::::* cpe:2.3:a:adobe:acrobat_reader:8.2.3:::::::* cpe:2.3:a:adobe:acrobat_reader:8.2.2:::::::* cpe:2.3:a:adobe:acrobat_reader:8.2.1:::::::* cpe:2.3:a:adobe:acrobat_reader:8.2:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.7:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.6:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.5:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.4:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.3:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.2:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.2:security_update:::::: cpe:2.3:a:adobe:acrobat_reader:8.1.1:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1::windows::::: cpe:2.3:a:adobe:acrobat_reader:8.0:::::::* cpe:2.3:a:adobe:acrobat_reader:7.1.4:::::::* cpe:2.3:a:adobe:acrobat_reader:7.1.3:::::::* cpe:2.3:a:adobe:acrobat_reader:7.1.2:::::::* cpe:2.3:a:adobe:acrobat_reader:7.1.1:::::::* cpe:2.3:a:adobe:acrobat_reader:7.1.0:::::::* cpe:2.3:a:adobe:acrobat_reader:7.1:::::::* cpe:2.3:a:adobe:acrobat_reader:7.0.9:::::::* cpe:2.3:a:adobe:acrobat_reader:7.0.8:::::::* cpe:2.3:a:adobe:acrobat_reader:7.0.7:::::::* cpe:2.3:a:adobe:acrobat_reader:7.0.6:::::::* cpe:2.3:a:adobe:acrobat_reader:7.0.5:::::::* cpe:2.3:a:adobe:acrobat_reader:7.0.4:::::::* cpe:2.3:a:adobe:acrobat_reader:7.0.3:::::::* cpe:2.3:a:adobe:acrobat_reader:7.0.2:::::::* cpe:2.3:a:adobe:acrobat_reader:7.0.1:::::::* cpe:2.3:a:adobe:acrobat_reader:7.0:::::::* cpe:2.3:a:adobe:acrobat_reader:6.0.6:::::::* cpe:2.3:a:adobe:acrobat_reader:6.0.5:::::::* cpe:2.3:a:adobe:acrobat_reader:6.0.4:::::::* cpe:2.3:a:adobe:acrobat_reader:6.0.4::for_mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:6.0.3:::::::* cpe:2.3:a:adobe:acrobat_reader:6.0.3::for_mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:6.0.2:::::::* cpe:2.3:a:adobe:acrobat_reader:6.0.2::for_mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:6.0.1:::::::* cpe:2.3:a:adobe:acrobat_reader:6.0.1::for_mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:6.0:::::::* cpe:2.3:a:adobe:acrobat_reader:6.0::reader_extensions::::: cpe:2.3:a:adobe:acrobat_reader:6.0::for_mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:5.1:::::::* cpe:2.3:a:adobe:acrobat_reader:5.1::for_mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:5.0.9:::::::* cpe:2.3:a:adobe:acrobat_reader:5.0.9::unix::::: cpe:2.3:a:adobe:acrobat_reader:5.0.7:::::::* cpe:2.3:a:adobe:acrobat_reader:5.0.6:::::::* cpe:2.3:a:adobe:acrobat_reader:5.0.5:::::::* cpe:2.3:a:adobe:acrobat_reader:5.0.5::for_mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:5.0.11:::::::* cpe:2.3:a:adobe:acrobat_reader:5.0.10:::::::* cpe:2.3:a:adobe:acrobat_reader:5.0.10::mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:5.0:::::::* cpe:2.3:a:adobe:acrobat_reader:5.0::for_mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:4.5:::::::* cpe:2.3:a:adobe:acrobat_reader:4.0.5c:::::::* cpe:2.3:a:adobe:acrobat_reader:4.0.5c::mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:4.0.5a:::::::* cpe:2.3:a:adobe:acrobat_reader:4.0.5a::mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:4.0.5:::::::* cpe:2.3:a:adobe:acrobat_reader:4.0.5::mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:4.0:::::::* cpe:2.3:a:adobe:acrobat_reader:4.0::for_mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:3.02:::::::* cpe:2.3:a:adobe:acrobat_reader:3.01:::::::* cpe:2.3:a:adobe:acrobat_reader:3.0:::::::* cpe:2.3:a:adobe:acrobat_reader:3.0::mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:::::::: cpe:2.3:a:adobe:acrobat_reader:::::classic:::*	82

SAINT Exploits

Description	Link
Adobe Reader media.newPlayer Use-After-Free Code Execution	More info here

ExploitDB Exploits

id	Description
2009-12-23	Adobe Reader and Acrobat (CVE-2009-4324) Exploit

OpenVAS Exploits

Date	Description
2011-03-09	Name : Gentoo Security Advisory GLSA 201009-05 (acroread) File : nvt/glsa_201009_05.nasl
2010-01-29	Name : SuSE Update for acroread SUSE-SA:2010:008 File : nvt/gb_suse_2010_008.nasl
2010-01-16	Name : Adobe Reader/Acrobat Multiple Vulnerabilities - Jan10 (Win) File : nvt/gb_adobe_prdts_mult_vuln_jan10_win.nasl
2010-01-16	Name : Adobe Reader Multiple Vulnerabilities -jan10 (Linux) File : nvt/gb_adobe_reader_mult_vuln_jan10_lin.nasl
2009-12-21	Name : Adobe Reader Multimeda Doc.media.newPlayer Code Execution Vulnerability (Linux) File : nvt/gb_adobe_prdts_media_obj_remote_code_exec_vuln_dec09_lin.nasl
2009-12-21	Name : Adobe Reader/Acrobat Multimedia Doc.media.newPlayer Code Execution Vulnerabil... File : nvt/gb_adobe_prdts_media_obj_remote_code_exec_vuln_dec09_win.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
60980	Adobe Reader / Acrobat Doc.media.newPlayer Use-After-Free Arbitrary Code Exec... Acrobat and Reader contain a flaw that may allow an attacker to execute arbitrary code. The issue is triggered by a use-after-free condition in Doc.media.newPlayer when parsing a specially crafted PDF file.

Snort® IPS/IDS

Date	Description
2014-01-10	Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28743 - Revision : 5 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28742 - Revision : 5 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28741 - Revision : 5 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28740 - Revision : 5 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28739 - Revision : 5 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28738 - Revision : 5 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28737 - Revision : 5 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28736 - Revision : 5 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28735 - Revision : 5 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28734 - Revision : 5 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28733 - Revision : 5 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28732 - Revision : 5 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28731 - Revision : 6 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28730 - Revision : 5 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28729 - Revision : 5 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 28728 - Revision : 6 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader compressed media.newPlayer memory corruption attempt RuleID : 28454 - Revision : 5 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 23506 - Revision : 5 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader compressed media.newPlayer memory corruption attempt RuleID : 23505 - Revision : 6 - Type : FILE-PDF
2014-01-10	Phoenix exploit kit post-compromise behavior RuleID : 21860 - Revision : 5 - Type : MALWARE-CNC
2014-01-10	Phoenix exploit kit landing page RuleID : 21640 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Adobe Acrobat Reader compressed media.newPlayer memory corruption attempt RuleID : 16334 - Revision : 18 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader media.newPlayer memory corruption attempt RuleID : 16333 - Revision : 18 - Type : FILE-PDF

Nessus® Vulnerability Scanner

Date	Description
2013-01-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0037.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0038.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0060.nasl - Type : ACT_GATHER_INFO
2011-01-27	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread-6802.nasl - Type : ACT_GATHER_INFO
2011-01-27	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread-6803.nasl - Type : ACT_GATHER_INFO
2011-01-27	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread_ja-6804.nasl - Type : ACT_GATHER_INFO
2011-01-27	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread_ja-6805.nasl - Type : ACT_GATHER_INFO
2010-09-08	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201009-05.nasl - Type : ACT_GATHER_INFO
2010-02-02	Name : The remote SuSE 11 host is missing a security update. File : suse_11_acroread_ja-100128.nasl - Type : ACT_GATHER_INFO
2010-01-25	Name : The remote openSUSE host is missing a security update. File : suse_11_0_acroread-100122.nasl - Type : ACT_GATHER_INFO
2010-01-25	Name : The remote openSUSE host is missing a security update. File : suse_11_1_acroread-100122.nasl - Type : ACT_GATHER_INFO
2010-01-25	Name : The remote openSUSE host is missing a security update. File : suse_11_2_acroread-100122.nasl - Type : ACT_GATHER_INFO
2010-01-25	Name : The remote SuSE 11 host is missing a security update. File : suse_11_acroread-100122.nasl - Type : ACT_GATHER_INFO
2010-01-13	Name : The version of Adobe Acrobat on the remote Windows host is affected by multip... File : adobe_acrobat_apsb10-02.nasl - Type : ACT_GATHER_INFO
2010-01-13	Name : The PDF file viewer on the remote Windows host is affected by multiple vulner... File : adobe_reader_apsb10-02.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 12:07:54	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	3
CPE ID(s)	211
Saint Exploit(s)	1
osvdb(s)	1
ExploitDB Exploit(s)	1
Openvas Exploit(s)	6
Snort® Rule(s)	23
Nessus® Exploit(s)	15

	Related
10	TA10-013A
9.3	CVE-2009-4324
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)