⚠ Actively exploited

Added to CISA KEV on 2022-06-08. Federal agencies required to patch by 2022-06-22. Required action: Apply updates per vendor instructions..

CVE-2009-4324 — Use After Free in Adobe Acrobat

CWE-416 — Use After Free CWE-39914 documents10 sources

Severity

7.8HIGHNVD

EPSS

92.9%

top 0.23%

CISA KEV

KEV

Added 2022-06-08

Due 2022-06-22

Exploit

Exploited in wild

Active exploitation observed

Affected products

Adobe Acrobat Adobe Acrobat Reader Opensuse +2 more

Timeline

PublishedDec 15

KEV addedJun 8

KEV dueJun 22

CISA Required Action: Apply updates per vendor instructions.

Description

Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDadobe/acrobat_reader8.0 — 8.2+1

▶NVDadobe/acrobat8.0 — 8.2+1

▶NVDopensuse/opensuse11.1, 11.2+1

▶NVDsuse/linux_enterprise_debuginfo11

Also affects: Linux Enterprise 10.0

🔴Vulnerability Details

GHSA

GHSA-rv25-qx26-27xv: Use-after-free vulnerability in the Doc↗2022-05-02

▶

CVEList

CVE-2009-4324: Use-after-free vulnerability in the Doc↗2009-12-15

▶

VulnCheck

Adobe Acrobat and Reader Use-After-Free Vulnerability↗2009

▶

💥Exploits & PoCs

Exploit-DB

Adobe - 'Doc.media.newPlayer' Use-After-Free (Metasploit) (2)↗2010-09-25

▶

Exploit-DB

Adobe - 'Doc.media.newPlayer' Use-After-Free (Metasploit) (1)↗2010-04-30

▶

Exploit-DB

Adobe Reader / Acrobat - '.PDF' File Overflow↗2009-12-23

▶

🔍Detection Rules

Suricata

ET WEB_CLIENT Possible Adobe Multimedia Doc.media.newPlayer Memory Corruption Attempt↗2010-07-30

▶

📋Vendor Advisories

CISA

Adobe Acrobat and Reader Use-After-Free Vulnerability↗2022-06-08

▶

Red Hat

acroread: media.newplayer JavaScript API code execution vulnerability (APSB10-02)↗2009-12-14

▶

🕵️Threat Intelligence

Talos

Adobe Reader media.newPlayer() Analysis (CVE-2009-4324)↗2009-12-15

▶

💬Community

Bugzilla

CVE-2009-3953 CVE-2009-3954 CVE-2009-3955 CVE-2009-3959 acroread: multiple code execution flaws (APSB10-02)↗2010-01-11

▶

Bugzilla

CVE-2009-4324 acroread: media.newplayer JavaScript API code execution vulnerability (APSB10-02)↗2009-12-15

▶