9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.968 High
EPSS
Percentile
99.6%
Added: 12/23/2009
CVE: CVE-2009-4324
BID: 37331
OSVDB: 60980
Adobe Reader is free software for viewing PDF documents.
This issue is caused by a use-after-free error within the “Doc.Media.newPlayer()” JavaScript function, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF file.
Follow instructions in APSB09-07.
<http://secunia.com/advisories/37690>
Exploit works on Adobe Reader 9.2.
The user must open the exploit file in Adobe Reader and click on the square image box.
Windows