[CVE-2009-4324] Adobe Acrobat and Reader Use-After-Free Vulnerability

NVD 상세 정보

설명: Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.

CWE: CWE-416 | CWE-416

참조

• http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html [Broken Link, Vendor Advisory]
• http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.html [Exploit, Third Party Advisory]
• http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html [Mailing List, Third Party Advisory]
• http://osvdb.org/60980 [Broken Link]
• http://secunia.com/advisories/37690 [Broken Link, Vendor Advisory]
• http://secunia.com/advisories/38138 [Broken Link, Vendor Advisory]
• http://secunia.com/advisories/38215 [Broken Link, Vendor Advisory]
• http://www.adobe.com/support/security/advisories/apsa09-07.html [Vendor Advisory]
• http://www.adobe.com/support/security/bulletins/apsb10-02.html [Not Applicable]
• http://www.kb.cert.org/vuls/id/508357 [Third Party Advisory, US Government Resource]
• http://www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb [Broken Link]
• http://www.redhat.com/support/errata/RHSA-2010-0060.html [Broken Link]
• http://www.securityfocus.com/bid/37331 [Broken Link, Third Party Advisory, VDB Entry]
• http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214 [Broken Link]
• http://www.symantec.com/connect/blogs/zero-day-xmas-present [Broken Link]
• ... 외 28건