60980 : Adobe Reader / Acrobat Doc.media.newPlayer Use-After-Free Arbitrary Code Execution
http://osvdb.org/60980

Views This Week: 21
Views All Time: 4826
Added to OSVDB: over 2 years ago
Last Modified: 12 months ago
Modified (since 2008): 63 times
Percent Complete: 90%

Timeline

Disclosure Date: 2009-12-14
Exploit Publish Date: 2009-12-15
Vendor Solution Date: 2010-01-12
Days of Exposure: 28 days

Keywords

Trojan.Pidief.H

Description

Acrobat and Reader contain a flaw that may allow an attacker to execute arbitrary code. The issue is triggered by a use-after-free condition in Doc.media.newPlayer when parsing a specially crafted PDF file.

Classification

Location: Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public, Exploit Commercial
Disclosure: Vendor Verified, Uncoordinated Disclosure, Discovered in the Wild

Solution

Upgrade to version 9.3 or higher for Windows, or 8.2 or higher for Mac, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Adobe Systems Incorporated
Acrobat 9.2
Reader 9.2

References

Tools & Filters

Snort

16333 16334
43182 43183 43875

Credit

Unknown or Incomplete

CVSSv2 Score

CVSSv2 Base Score = 9.3
Source: nvd.nist.gov | Generated: 2009-12-15


Blogs

This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.

2010/01/21 16:05:49 | Targeted Attack using "Operation Aurora" as the lure

from: F-Secure Antivirus Research Weblog

Now here's an interesting turn of events. In the middle of all the attention to the "Operation Aurora" attacks, we're now seeing new targeted attacks that are using this very event as the lure to get the targets to open a malicious

2010/01/21 15:20:31 | Intelligence sector hit by a targeted attack

from: F-Secure Antivirus Research Weblog

... Now we saw one against the intelligence sector. This attack was done with a PDF file. Again. It was targeting the CVE-2009-4324 vulnerability. Again. When opened, the PDF file (md5: c3079303562d4672d6c3810f91235d9b) looked like this: What really happens...

2010/01/18 14:31:45 | On-going Targeted attacks against US Military contractors

from: F-Secure Antivirus Research Weblog

...talks about a real conference to be held in Las Vegas in March. When opened to Adobe Reader, the file exploited the CVE-2009-4324 vulnerability. This is the doc.media.newPlayer vulnerability that Adobe patched last Tuesday. The exploit dropped a file called...

2010/01/15 19:46:50 | Critical Zero-Day Exploits Hit Internet Explorer and Adobe Reader Vulnerability in Two of the World's Most Popular Applications Part ..

from: PR-Inside.com

...as it comes with DEP (data execution prevention) enabled by default. Adobe Reader Threat Details: Officially known as CVE-2009-4324, the vulnerability affects Adobe Reader and Acrobat 9.2 and earlier versions. Successful exploitation could cause crashes and...

2010/01/13 16:06:07 | Adobe plugs PDF zero-day flaw in latest security makeover

from: ZDNet

...vulnerabilities. This update resolves a use-after-free vulnerability in Multimedia.api that could lead to code execution (CVE-2009-4324). This issue is being actively exploited in the wild; the exploit targets Adobe Reader and Acrobat 9.2 on Windows platforms. This...

2010/01/04 20:47:02 | Adobe Reader vuln hit with unusually advanced attack

from: The Register

...same day Microsoft is slated to release its next installment of security fixes. The vulnerability, which is classified as CVE-2009-4324, has been under targeted attack for more than three weeks. White hat hackers have also added an exploit to the Metasploit...

2010/01/04 15:10:16 | Fortinet December Threatscape Report Shows High Exploit Activity and Holiday Online Shoppers Targeted

from: Freshnews.com

...and uncovered 157 new vulnerabilities in total. On top of this, hackers continued to find ways to exploit zero-day attacks: CVE-2009-4324 was one observed through Adobe Reader/Acrobat and Javascript -- an increasingly common attack vector. Another zero-day...

2009/12/15 06:41:07 | Zero-day vulnerability in Adobe Reader and Acrobat already seeing exploits

from: SC Magazine

...Adobe received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild (CVE-2009-4324). We are currently investigating this issue and assessing the risk to our customers. We will provide an update as soon...


© Copyright 2012 Open Source Vulnerability Database (OSVDB), All Rights Reserved.