CyberSec.Space Logo
Back to CVE Browser

CVE-2009-4324

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score90.8580%
EPSS Percentile94.39th
PublishedDec 15, 2009
Last ModifiedApr 21, 2026

Vulnerability Description

Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.

Affected Platforms (CPE)

πŸ“¦
Adobe

Acrobat

>= 8.0 and < 8.2
πŸ“¦
Adobe

Acrobat

>= 9.0 and < 9.3
πŸ“¦
Adobe

Acrobat Reader

>= 8.0 and < 8.2
πŸ“¦
Adobe

Acrobat Reader

>= 9.0 and < 9.3
πŸ“¦
Suse

Linux Enterprise Debuginfo

= 11
πŸ’»
Opensuse

Opensuse

= 11.1
πŸ’»
Opensuse

Opensuse

= 11.2
πŸ’»
Suse

Linux Enterprise

= 10.0
πŸ’»
Suse

Linux Enterprise

= 10.0

References & Advisories

πŸ”— http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html
πŸ”— http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
πŸ”— http://osvdb.org/60980
πŸ”— http://secunia.com/advisories/37690
πŸ”— http://secunia.com/advisories/38138
πŸ”— http://secunia.com/advisories/38215
πŸ”— http://www.adobe.com/support/security/advisories/apsa09-07.html

Related Vulnerabilities

CVE-2004-063110.0

Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions...

CVE-2004-115210.0

Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader 5.09 for Unix allows remote attackers to execute arbitrary c...

CVE-2004-063010.0

The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those bef...

CVE-2004-115310.0

Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (appl...