Lucene search
RootSSV:15133HistoryDec 23, 2009 - 12:00 a.m.
Adobe Reader和Acrobat newplayer() JavaScript方式内存破坏漏洞
2009-12-2300:00:00
Root
www.seebug.org
29
EPSS
0.97
Percentile
99.8%
BUGTRAQ ID: 37331
CVE ID: CVE-2009-4324
Adobe Acrobat和Reader都是非常流行的PDF文件阅读器。
Adobe Reader和Acrobat阅读器支持JavaScript。Doc.media对象的newplayer()方式存在释放后使用漏洞,可能触发可利用的内存访问破坏。远程攻击者可以通过使用ZLib压缩流的特制PDF文件来利用这个漏洞,导致执行任意代码。
Adobe Acrobat <= 9.2
Adobe Reader <= 9.2
临时解决方法:
- 禁用JavaScript。
- 禁止使用Doc.media.newPlayer方式。
厂商补丁:
Adobe
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploit
Related
openvas
openvas
Adobe Reader/Acrobat Multimedia Doc.media.newPlayer Code Execution Vulnerability - Windows
2009-12-21 00:00:00
Adobe Reader Multimeda Doc.media.newPlayer RCE Vulnerability - Linux
2009-12-21 00:00:00
Adobe Reader Multiple Vulnerabilities (Jan 2010) - Linux
2010-01-16 00:00:00
seebug
seebug
Adobe Reader and Acrobat
2014-07-01 00:00:00
Adobe Reader and Acrobat (CVE-2009-4324) Exploit
2009-12-23 00:00:00
Adobe Reader/Acrobat 'newplayer()' JavaScript方法远程代码执行漏洞
2009-12-17 00:00:00
prion
prion
Design/Logic Flaw
2009-12-15 02:30:00
cvelist
cvelist
CVE-2009-4324
2009-12-15 02:00:00
nvd
nvd
CVE-2009-4324
2009-12-15 02:30:00
packetstorm
packetstorm
Adobe Doc.media.newPlayer Use After Free Vulnerability
2009-12-31 00:00:00
Adobe Doc.media.newPlayer Use After Free Vulnerability
2009-12-31 00:00:00
Adobe Reader / Acrobat Use-After-Free Calc.exe
2009-12-22 00:00:00
ubuntucve
ubuntucve
CVE-2009-4324
2009-12-15 00:00:00
checkpoint_advisories
checkpoint_advisories
saint
saint
Adobe Reader media.newPlayer Use-After-Free Code Execution
2009-12-23 00:00:00
Adobe Reader media.newPlayer Use-After-Free Code Execution
2009-12-23 00:00:00
Adobe Reader media.newPlayer Use-After-Free Code Execution
2009-12-23 00:00:00
attackerkb
attackerkb
CVE-2009-4324
2009-12-15 00:00:00
metasploit
metasploit
Adobe Doc.media.newPlayer Use After Free Vulnerability
2009-12-16 20:37:57
Adobe Doc.media.newPlayer Use After Free Vulnerability
2009-12-15 20:15:08
canvas
canvas
Immunity Canvas: ACROBAT_NEWPLAYER
2009-12-15 02:30:00
threatpost
threatpost
Attackers Targeting Unpatched Adobe Flaws
2009-12-15 14:26:19
Main PHP-Nuke Site Compromised
2010-05-07 15:37:38
Adobe PDF Reader Gets Another Security Makeover
2010-01-13 15:57:31
exploitpack
exploitpack
Adobe Reader Acrobat - .PDF File Overflow
2009-12-23 00:00:00
cert
cert
cisa_kev
cisa_kev
Adobe Acrobat and Reader Use-After-Free Vulnerability
2022-06-08 00:00:00
cve
cve
CVE-2009-4324
2009-12-15 02:30:00
exploitdb
exploitdb
Adobe Reader / Acrobat - '.PDF' File Overflow
2009-12-23 00:00:00
Adobe - 'Doc.media.newPlayer' Use-After-Free (Metasploit) (2)
2010-09-25 00:00:00
Adobe - 'Doc.media.newPlayer' Use-After-Free (Metasploit) (1)
2010-04-30 00:00:00
redhat
redhat
(RHSA-2010:0060) Critical: acroread security update
2010-01-20 00:00:00
(RHSA-2010:0038) Critical: acroread security update
2010-01-13 00:00:00
(RHSA-2010:0037) Critical: acroread security and bug fix update
2010-01-13 00:00:00
nessus
nessus
RHEL 3 : acroread (RHSA-2010:0060)
2013-01-24 00:00:00
RHEL 5 : acroread (RHSA-2010:0037)
2013-01-24 00:00:00
RHEL 4 : acroread (RHSA-2010:0038)
2013-01-24 00:00:00
securityvulns
securityvulns
Adobe Acrobat and Reader multiple security vulnerabilities
2010-03-15 00:00:00
Security updates available for Adobe Reader and Acrobat
2010-01-17 00:00:00
suse
suse
remote code execution in acroread
2010-01-26 16:40:23
gentoo
gentoo
Adobe Reader: Multiple vulnerabilities
2010-09-07 00:00:00