Vulnerability detail

Vendor

Adobe

Product

Reader and Acrobat

Published

Dec 15, 2009

EPSS

—

Description

Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.

SSVC decision points

Exploitation

active

Automatable

No

Technical impact

total

References

• http://www.securityfocus.com/bid/37331
• http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html
• http://secunia.com/advisories/37690
• http://secunia.com/advisories/38138
• https://bugzilla.redhat.com/show_bug.cgi?id=547799
• http://osvdb.org/60980
• http://www.kb.cert.org/vuls/id/508357
• https://exchange.xforce.ibmcloud.com/vulnerabilities/54747
• http://www.vupen.com/english/advisories/2009/3518
• http://www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb
• http://www.adobe.com/support/security/bulletins/apsb10-02.html
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6795
• http://www.redhat.com/support/errata/RHSA-2010-0060.html
• http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.html
• http://www.vupen.com/english/advisories/2010/0103
• http://www.adobe.com/support/security/advisories/apsa09-07.html
• http://www.symantec.com/connect/blogs/zero-day-xmas-present
• http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214
• http://secunia.com/advisories/38215
• http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
• http://www.us-cert.gov/cas/techalerts/TA10-013A.html

Potential proof of concepts