CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
99.8%
Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.
Vendor | Product | Version | CPE |
---|---|---|---|
adobe | acrobat | * | cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:* |
adobe | acrobat_reader | * | cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:* |
apple | mac_os_x | - | cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:* |
microsoft | windows | - | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
suse | linux_enterprise_debuginfo | 11 | cpe:2.3:a:suse:linux_enterprise_debuginfo:11:-:*:*:*:*:*:* |
opensuse | opensuse | 11.1 | cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:* |
opensuse | opensuse | 11.2 | cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:* |
suse | linux_enterprise | 10.0 | cpe:2.3:o:suse:linux_enterprise:10.0:sp2:*:*:*:*:*:* |
suse | linux_enterprise | 10.0 | cpe:2.3:o:suse:linux_enterprise:10.0:sp3:*:*:*:*:*:* |
blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html
contagiodump.blogspot.com/2009/12/virustotal-httpwww.html
lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
osvdb.org/60980
secunia.com/advisories/37690
secunia.com/advisories/38138
secunia.com/advisories/38215
www.adobe.com/support/security/advisories/apsa09-07.html
www.adobe.com/support/security/bulletins/apsb10-02.html
www.kb.cert.org/vuls/id/508357
www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb
www.redhat.com/support/errata/RHSA-2010-0060.html
www.securityfocus.com/bid/37331
www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214
www.symantec.com/connect/blogs/zero-day-xmas-present
www.us-cert.gov/cas/techalerts/TA10-013A.html
www.vupen.com/english/advisories/2009/3518
www.vupen.com/english/advisories/2010/0103
bugzilla.redhat.com/show_bug.cgi?id=547799
exchange.xforce.ibmcloud.com/vulnerabilities/54747
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6795
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
99.8%