Added: 12/23/2009
CVE: CVE-2009-4324
BID: 37331
OSVDB: 60980
Adobe Reader is free software for viewing PDF documents.
This issue is caused by a use-after-free error within the “Doc.Media.newPlayer()” JavaScript function, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF file.
Follow instructions in APSB09-07.
<http://secunia.com/advisories/37690>
Exploit works on Adobe Reader 9.2.
The user must open the exploit file in Adobe Reader and click on the square image box.
Windows