{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-12-14T00:00:00", "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe"}, "references": [{"name": "37331", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/37331"}, {"tags": ["x_refsource_MISC"], "url": "http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html"}, {"name": "37690", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37690"}, {"name": "38138", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38138"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=547799"}, {"name": "60980", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/60980"}, {"name": "VU#508357", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/508357"}, {"name": "acro-reader-unspecifed-code-execution(54747)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54747"}, {"name": "ADV-2009-3518", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/3518"}, {"tags": ["x_refsource_MISC"], "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"}, {"name": "oval:org.mitre.oval:def:6795", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6795"}, {"name": "RHSA-2010:0060", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html"}, {"tags": ["x_refsource_MISC"], "url": "http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.html"}, {"name": "ADV-2010-0103", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0103"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.adobe.com/support/security/advisories/apsa09-07.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.symantec.com/connect/blogs/zero-day-xmas-present"}, {"tags": ["x_refsource_MISC"], "url": "http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214"}, {"name": "38215", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38215"}, {"name": "SUSE-SA:2010:008", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"}, {"name": "TA10-013A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@adobe.com", "ID": "CVE-2009-4324", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "37331", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37331"}, {"name": "http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html", "refsource": "MISC", "url": "http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html"}, {"name": "37690", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37690"}, {"name": "38138", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38138"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=547799", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=547799"}, {"name": "60980", "refsource": "OSVDB", "url": "http://osvdb.org/60980"}, {"name": "VU#508357", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/508357"}, {"name": "acro-reader-unspecifed-code-execution(54747)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54747"}, {"name": "ADV-2009-3518", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3518"}, {"name": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb", "refsource": "MISC", "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb"}, {"name": "http://www.adobe.com/support/security/bulletins/apsb10-02.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"}, {"name": "oval:org.mitre.oval:def:6795", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6795"}, {"name": "RHSA-2010:0060", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html"}, {"name": "http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.html", "refsource": "MISC", "url": "http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.html"}, {"name": "ADV-2010-0103", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0103"}, {"name": "http://www.adobe.com/support/security/advisories/apsa09-07.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/advisories/apsa09-07.html"}, {"name": "http://www.symantec.com/connect/blogs/zero-day-xmas-present", "refsource": "MISC", "url": "http://www.symantec.com/connect/blogs/zero-day-xmas-present"}, {"name": "http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214", "refsource": "MISC", "url": "http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214"}, {"name": "38215", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38215"}, {"name": "SUSE-SA:2010:008", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"}, {"name": "TA10-013A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:01:20.249Z"}, "title": "CVE Program Container", "references": [{"name": "37331", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/37331"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html"}, {"name": "37690", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37690"}, {"name": "38138", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38138"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=547799"}, {"name": "60980", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/60980"}, {"name": "VU#508357", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/508357"}, {"name": "acro-reader-unspecifed-code-execution(54747)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54747"}, {"name": "ADV-2009-3518", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/3518"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"}, {"name": "oval:org.mitre.oval:def:6795", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6795"}, {"name": "RHSA-2010:0060", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.html"}, {"name": "ADV-2010-0103", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0103"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.adobe.com/support/security/advisories/apsa09-07.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.symantec.com/connect/blogs/zero-day-xmas-present"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214"}, {"name": "38215", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38215"}, {"name": "SUSE-SA:2010:008", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"}, {"name": "TA10-013A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html"}]}]}, "cveMetadata": {"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2009-4324", "datePublished": "2009-12-15T02:00:00", "dateReserved": "2009-12-14T00:00:00", "dateUpdated": "2024-08-07T07:01:20.249Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"cisaActionDue": "2022-06-22", "cisaExploitAdd": "2022-06-08", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Adobe Acrobat and Reader Use-After-Free Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "matchCriteriaId": "9670133C-09FA-41F2-B0F7-BFE960E30B71", "versionEndExcluding": "8.2", "versionStartIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA95CC75-BF25-4BEB-B646-ACDBBE32AF4F", "versionEndExcluding": "9.3", "versionStartIncluding": "9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A8B3441-727A-4A78-A5A4-5A5011075510", "versionEndExcluding": "8.2", "versionStartIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*", "matchCriteriaId": "AADB6D5C-5448-4FF7-BB7B-3641EA56194E", "versionEndExcluding": "9.3", "versionStartIncluding": "9.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:-:*:*:*:*:*:*", "matchCriteriaId": "C76D0C17-2AFF-4209-BBCD-36166DF7F974", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise:10.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "6A3B50EE-F432-40BE-B422-698955A6058D", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise:10.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "1193A7E6-DCB4-4E79-A509-1D6948153A57", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009."}, {"lang": "es", "value": "La vulnerabilidad de uso de la memoria previamente liberada (Use-after-free) en la funci\u00f3n Doc.media.newPlayer en el archivo Multimedia.api en Adobe Reader y Acrobat versi\u00f3n 9.x anterior a 9.3, y versi\u00f3n 8.x anterior a 8.2 en Windows y Mac OS X, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo PDF creado utilizando una transmisi\u00f3n comprimida ZLib, tal como se explot\u00f3 \u201cin the wild\u201d en diciembre de 2009."}], "id": "CVE-2009-4324", "lastModified": "2024-06-28T14:20:36.847", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2009-12-15T02:30:00.217", "references": [{"source": "psirt@adobe.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html"}, {"source": "psirt@adobe.com", "tags": ["Exploit", "Third Party Advisory"], "url": "http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.html"}, {"source": "psirt@adobe.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://osvdb.org/60980"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/37690"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/38138"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/38215"}, {"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "http://www.adobe.com/support/security/advisories/apsa09-07.html"}, {"source": "psirt@adobe.com", "tags": ["Not Applicable"], "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/508357"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/37331"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://www.symantec.com/connect/blogs/zero-day-xmas-present"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3518"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2010/0103"}, {"source": "psirt@adobe.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=547799"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54747"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6795"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2010:0060", "cpe": "cpe:/a:redhat:rhel_extras:3", "package": "acroread-0:9.3-3", "product_name": "Extras for RHEL 3", "release_date": "2010-01-20T00:00:00Z"}, {"advisory": "RHSA-2010:0038", "cpe": "cpe:/a:redhat:rhel_extras:4", "package": "acroread-0:9.3-1.el4", "product_name": "Extras for RHEL 4", "release_date": "2010-01-13T00:00:00Z"}, {"advisory": "RHSA-2010:0037", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "acroread-0:9.3-1.el5", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2010-01-13T00:00:00Z"}], "bugzilla": {"description": "acroread: media.newplayer JavaScript API code execution vulnerability (APSB10-02)", "id": "547799", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=547799"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009."], "name": "CVE-2009-4324", "public_date": "2009-12-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-4324\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-4324\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "threat_severity": "Critical"}