← Zuruck zu CVEs
CVE-2009-4324
HIGHCISA KEV7.8
Beschreibung
Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.
CVE Details
CVSS v3.1 Bewertung7.8
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AngriffsvektorLOCAL
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionREQUIRED
Veroffentlicht12/15/2009
Zuletzt geandert4/21/2026
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerAdobe
ProduktAcrobat and Reader
SchwachstellennameAdobe Acrobat and Reader Use-After-Free Vulnerability
KEV Aufnahmedatum2022-06-08
Behebungsfrist2022-06-22
Ransomware-NutzungUnknown
Betroffene Produkte
adobe:acrobatadobe:acrobat_readerapple:mac_os_xmicrosoft:windowsopensuse:opensusesuse:linux_enterprisesuse:linux_enterprise_debuginfo
Schwachen (CWE)
CWE-416CWE-416
Referenzen
http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.html(psirt@adobe.com)
http://osvdb.org/60980(psirt@adobe.com)
http://secunia.com/advisories/37690(psirt@adobe.com)
http://secunia.com/advisories/38138(psirt@adobe.com)
http://secunia.com/advisories/38215(psirt@adobe.com)
http://www.adobe.com/support/security/advisories/apsa09-07.html(psirt@adobe.com)
http://www.adobe.com/support/security/bulletins/apsb10-02.html(psirt@adobe.com)
http://www.kb.cert.org/vuls/id/508357(psirt@adobe.com)
http://www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb(psirt@adobe.com)
http://www.redhat.com/support/errata/RHSA-2010-0060.html(psirt@adobe.com)
http://www.securityfocus.com/bid/37331(psirt@adobe.com)
http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214(psirt@adobe.com)
http://www.symantec.com/connect/blogs/zero-day-xmas-present(psirt@adobe.com)
http://www.us-cert.gov/cas/techalerts/TA10-013A.html(psirt@adobe.com)
http://www.vupen.com/english/advisories/2009/3518(psirt@adobe.com)
http://www.vupen.com/english/advisories/2010/0103(psirt@adobe.com)
https://bugzilla.redhat.com/show_bug.cgi?id=547799(psirt@adobe.com)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54747(psirt@adobe.com)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6795(psirt@adobe.com)
http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html(af854a3a-2127-422b-91ae-364da2661108)
http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html(af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/60980(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/37690(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/38138(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/38215(af854a3a-2127-422b-91ae-364da2661108)
http://www.adobe.com/support/security/advisories/apsa09-07.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.adobe.com/support/security/bulletins/apsb10-02.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/508357(af854a3a-2127-422b-91ae-364da2661108)
http://www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb(af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2010-0060.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/37331(af854a3a-2127-422b-91ae-364da2661108)
http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214(af854a3a-2127-422b-91ae-364da2661108)
http://www.symantec.com/connect/blogs/zero-day-xmas-present(af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA10-013A.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/3518(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/0103(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=547799(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54747(af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6795(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-4324(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.