CVE - CVE-2009-4324

Items of Interest

CVE-ID
CVE-2009-4324	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html MISC:http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.html MISC:http://www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb MISC:http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214 MISC:http://www.symantec.com/connect/blogs/zero-day-xmas-present CONFIRM:http://www.adobe.com/support/security/advisories/apsa09-07.html CONFIRM:http://www.adobe.com/support/security/bulletins/apsb10-02.html CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=547799 REDHAT:RHSA-2010:0060 URL:http://www.redhat.com/support/errata/RHSA-2010-0060.html SUSE:SUSE-SA:2010:008 URL:http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html CERT:TA10-013A URL:http://www.us-cert.gov/cas/techalerts/TA10-013A.html CERT-VN:VU#508357 URL:http://www.kb.cert.org/vuls/id/508357 BID:37331 URL:http://www.securityfocus.com/bid/37331 OSVDB:60980 URL:http://osvdb.org/60980 OVAL:oval:org.mitre.oval:def:6795 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6795 SECUNIA:37690 URL:http://secunia.com/advisories/37690 SECUNIA:38138 URL:http://secunia.com/advisories/38138 SECUNIA:38215 URL:http://secunia.com/advisories/38215 VUPEN:ADV-2009-3518 URL:http://www.vupen.com/english/advisories/2009/3518 VUPEN:ADV-2010-0103 URL:http://www.vupen.com/english/advisories/2010/0103 XF:acro-reader-unspecifed-code-execution(54747) URL:http://xforce.iss.net/xforce/xfdb/54747
Date Entry Created
20091214	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20091214)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Common Vulnerabilities and Exposures

CVE-2009-4324