Lucene search

K
saintSAINT CorporationSAINT:27B118A705BF0E7C072084CE0B752797
HistoryDec 23, 2009 - 12:00 a.m.

Adobe Reader media.newPlayer Use-After-Free Code Execution

2009-12-2300:00:00
SAINT Corporation
download.saintcorporation.com
28

EPSS

0.97

Percentile

99.8%

Added: 12/23/2009
CVE: CVE-2009-4324
BID: 37331
OSVDB: 60980

Background

Adobe Reader is free software for viewing PDF documents.

Problem

This issue is caused by a use-after-free error within the “Doc.Media.newPlayer()” JavaScript function, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF file.

Resolution

Follow instructions in APSB09-07.

References

<http://secunia.com/advisories/37690&gt;

Limitations

Exploit works on Adobe Reader 9.2.

The user must open the exploit file in Adobe Reader and click on the square image box.

Platforms

Windows