Lucene search

K

[email protected]NVD:CVE-2009-4324

HistoryDec 15, 2009 - 2:30 a.m.

CVE-2009-4324

2009-12-1502:30:00

CWE-416

[email protected]

web.nvd.nist.gov

5

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

Low

EPSS

0.97

Percentile

99.8%

Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.

Affected configurations

Nvd

Node

adobeacrobatRange8.0–8.2

OR

adobeacrobatRange9.0–9.3

OR

adobeacrobat_readerRange8.0–8.2

OR

adobeacrobat_readerRange9.0–9.3

AND

applemac_os_xMatch-

OR

microsoftwindowsMatch-

Node

suselinux_enterprise_debuginfoMatch11-

OR

opensuseopensuseMatch11.1

OR

opensuseopensuseMatch11.2

OR

suselinux_enterpriseMatch10.0sp2

OR

suselinux_enterpriseMatch10.0sp3

References

blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html

contagiodump.blogspot.com/2009/12/virustotal-httpwww.html

lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html

osvdb.org/60980

secunia.com/advisories/37690

secunia.com/advisories/38138

secunia.com/advisories/38215

www.adobe.com/support/security/advisories/apsa09-07.html

www.adobe.com/support/security/bulletins/apsb10-02.html

www.kb.cert.org/vuls/id/508357

www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb

www.redhat.com/support/errata/RHSA-2010-0060.html

www.securityfocus.com/bid/37331

www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214

www.symantec.com/connect/blogs/zero-day-xmas-present

www.us-cert.gov/cas/techalerts/TA10-013A.html

www.vupen.com/english/advisories/2009/3518

www.vupen.com/english/advisories/2010/0103

bugzilla.redhat.com/show_bug.cgi?id=547799

exchange.xforce.ibmcloud.com/vulnerabilities/54747

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6795

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

Low

EPSS

0.97

Percentile

99.8%

Related for NVD:CVE-2009-4324