CVE-2009-4324 - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

CVE CVE-2009-4324
Status Candidate
Description Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.
Severity High
CVSS score 9,3
CVSS vector (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Phase Assigned (21.08.2010)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4324
References BID : 37331
CERT-VN : VU#508357
CERT : TA10-013A
CONFIRM : http://www.adobe.com/support/security/advisories/a...
CONFIRM : http://www.adobe.com/support/security/bulletins/ap...
CONFIRM : https://bugzilla.redhat.com/show_bug.cgi?id=547799
MISC : http://blogs.adobe.com/psirt/2009/12/new_adobe_rea...
MISC : http://contagiodump.blogspot.com/2009/12/virustota...
MISC : http://www.metasploit.com/redmine/projects/framewo...
MISC : http://www.shadowserver.org/wiki/pmwiki.php/Calend...
MISC : http://www.symantec.com/connect/blogs/zero-day-xma...
OSVDB : 60980
OVAL : oval:org.mitre.oval:def:6795
REDHAT : RHSA-2010:0060
SECUNIA : 37690
SECUNIA : 38138
SECUNIA : 38215
SUSE : SUSE-SA:2010:008
VUPEN : ADV-2009-3518
VUPEN : ADV-2010-0103
XF : acro-reader-unspecifed-code-execution(54747)
SecurityVulns: Adobe Acrobat and Reader multiple security vulnerabilities

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server