CVE-2009-4324
Vulnerability from cvelistv5
Published
2009-12-15 02:00
Modified
2024-08-07 07:01
Severity ?
Summary
Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.
References
psirt@adobe.comhttp://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.htmlBroken Link, Vendor Advisory
psirt@adobe.comhttp://contagiodump.blogspot.com/2009/12/virustotal-httpwww.htmlExploit, Third Party Advisory
psirt@adobe.comhttp://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.htmlMailing List, Third Party Advisory
psirt@adobe.comhttp://osvdb.org/60980Broken Link
psirt@adobe.comhttp://secunia.com/advisories/37690Broken Link, Vendor Advisory
psirt@adobe.comhttp://secunia.com/advisories/38138Broken Link, Vendor Advisory
psirt@adobe.comhttp://secunia.com/advisories/38215Broken Link, Vendor Advisory
psirt@adobe.comhttp://www.adobe.com/support/security/advisories/apsa09-07.htmlVendor Advisory
psirt@adobe.comhttp://www.adobe.com/support/security/bulletins/apsb10-02.htmlNot Applicable
psirt@adobe.comhttp://www.kb.cert.org/vuls/id/508357Third Party Advisory, US Government Resource
psirt@adobe.comhttp://www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rbBroken Link
psirt@adobe.comhttp://www.redhat.com/support/errata/RHSA-2010-0060.htmlBroken Link
psirt@adobe.comhttp://www.securityfocus.com/bid/37331Broken Link, Third Party Advisory, VDB Entry
psirt@adobe.comhttp://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214Broken Link
psirt@adobe.comhttp://www.symantec.com/connect/blogs/zero-day-xmas-presentBroken Link
psirt@adobe.comhttp://www.us-cert.gov/cas/techalerts/TA10-013A.htmlThird Party Advisory, US Government Resource
psirt@adobe.comhttp://www.vupen.com/english/advisories/2009/3518Broken Link, Vendor Advisory
psirt@adobe.comhttp://www.vupen.com/english/advisories/2010/0103Broken Link
psirt@adobe.comhttps://bugzilla.redhat.com/show_bug.cgi?id=547799Issue Tracking
psirt@adobe.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/54747Third Party Advisory, VDB Entry
psirt@adobe.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6795Broken Link
af854a3a-2127-422b-91ae-364da2661108http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.htmlBroken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.htmlExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/60980Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37690Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38138Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38215Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/advisories/apsa09-07.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/bulletins/apsb10-02.htmlNot Applicable
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/508357Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rbBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0060.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/37331Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.symantec.com/connect/blogs/zero-day-xmas-presentBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA10-013A.htmlThird Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/3518Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0103Broken Link
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=547799Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/54747Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6795Broken Link
Impacted products
Vendor Product Version
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog

Date added: 2022-06-08

Due date: 2022-06-22

Required action: Apply updates per vendor instructions.

Used in ransomware: Unknown

Notes: https://nvd.nist.gov/vuln/detail/CVE-2009-4324

Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:01:20.249Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "37331",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37331"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html"
          },
          {
            "name": "37690",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37690"
          },
          {
            "name": "38138",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38138"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=547799"
          },
          {
            "name": "60980",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/60980"
          },
          {
            "name": "VU#508357",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/508357"
          },
          {
            "name": "acro-reader-unspecifed-code-execution(54747)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54747"
          },
          {
            "name": "ADV-2009-3518",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3518"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6795",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6795"
          },
          {
            "name": "RHSA-2010:0060",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.html"
          },
          {
            "name": "ADV-2010-0103",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0103"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/advisories/apsa09-07.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.symantec.com/connect/blogs/zero-day-xmas-present"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214"
          },
          {
            "name": "38215",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38215"
          },
          {
            "name": "SUSE-SA:2010:008",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
          },
          {
            "name": "TA10-013A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-12-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "name": "37331",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37331"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html"
        },
        {
          "name": "37690",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37690"
        },
        {
          "name": "38138",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38138"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=547799"
        },
        {
          "name": "60980",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/60980"
        },
        {
          "name": "VU#508357",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/508357"
        },
        {
          "name": "acro-reader-unspecifed-code-execution(54747)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54747"
        },
        {
          "name": "ADV-2009-3518",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3518"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"
        },
        {
          "name": "oval:org.mitre.oval:def:6795",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6795"
        },
        {
          "name": "RHSA-2010:0060",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.html"
        },
        {
          "name": "ADV-2010-0103",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0103"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/advisories/apsa09-07.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.symantec.com/connect/blogs/zero-day-xmas-present"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214"
        },
        {
          "name": "38215",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38215"
        },
        {
          "name": "SUSE-SA:2010:008",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
        },
        {
          "name": "TA10-013A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2009-4324",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "37331",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37331"
            },
            {
              "name": "http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html",
              "refsource": "MISC",
              "url": "http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html"
            },
            {
              "name": "37690",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37690"
            },
            {
              "name": "38138",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38138"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=547799",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=547799"
            },
            {
              "name": "60980",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/60980"
            },
            {
              "name": "VU#508357",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/508357"
            },
            {
              "name": "acro-reader-unspecifed-code-execution(54747)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54747"
            },
            {
              "name": "ADV-2009-3518",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3518"
            },
            {
              "name": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb",
              "refsource": "MISC",
              "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb10-02.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"
            },
            {
              "name": "oval:org.mitre.oval:def:6795",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6795"
            },
            {
              "name": "RHSA-2010:0060",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html"
            },
            {
              "name": "http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.html",
              "refsource": "MISC",
              "url": "http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.html"
            },
            {
              "name": "ADV-2010-0103",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0103"
            },
            {
              "name": "http://www.adobe.com/support/security/advisories/apsa09-07.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/advisories/apsa09-07.html"
            },
            {
              "name": "http://www.symantec.com/connect/blogs/zero-day-xmas-present",
              "refsource": "MISC",
              "url": "http://www.symantec.com/connect/blogs/zero-day-xmas-present"
            },
            {
              "name": "http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214",
              "refsource": "MISC",
              "url": "http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214"
            },
            {
              "name": "38215",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38215"
            },
            {
              "name": "SUSE-SA:2010:008",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
            },
            {
              "name": "TA10-013A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2009-4324",
    "datePublished": "2009-12-15T02:00:00",
    "dateReserved": "2009-12-14T00:00:00",
    "dateUpdated": "2024-08-07T07:01:20.249Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2009-4324",
      "cwes": "[\"CWE-399\"]",
      "dateAdded": "2022-06-08",
      "dueDate": "2022-06-22",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2009-4324",
      "product": "Acrobat and Reader",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file.",
      "vendorProject": "Adobe",
      "vulnerabilityName": "Adobe Acrobat and Reader Use-After-Free Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-4324\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2009-12-15T02:30:00.217\",\"lastModified\":\"2024-12-19T18:07:41.467\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad de uso de la memoria previamente liberada (Use-after-free) en la funci\u00f3n Doc.media.newPlayer en el archivo Multimedia.api en Adobe Reader y Acrobat versi\u00f3n 9.x anterior a 9.3, y versi\u00f3n 8.x anterior a 8.2 en Windows y Mac OS X, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo PDF creado utilizando una transmisi\u00f3n comprimida ZLib, tal como se explot\u00f3 \u201cin the wild\u201d en diciembre de 2009.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"cisaExploitAdd\":\"2022-06-08\",\"cisaActionDue\":\"2022-06-22\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Adobe Acrobat and Reader Use-After-Free Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndExcluding\":\"8.2\",\"matchCriteriaId\":\"9670133C-09FA-41F2-B0F7-BFE960E30B71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0\",\"versionEndExcluding\":\"9.3\",\"matchCriteriaId\":\"EA95CC75-BF25-4BEB-B646-ACDBBE32AF4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndExcluding\":\"8.2\",\"matchCriteriaId\":\"3A8B3441-727A-4A78-A5A4-5A5011075510\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0\",\"versionEndExcluding\":\"9.3\",\"matchCriteriaId\":\"AADB6D5C-5448-4FF7-BB7B-3641EA56194E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4781BF1E-8A4E-4AFF-9540-23D523EE30DD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:suse:linux_enterprise_debuginfo:11:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"C76D0C17-2AFF-4209-BBCD-36166DF7F974\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise:10.0:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A3B50EE-F432-40BE-B422-698955A6058D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise:10.0:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"1193A7E6-DCB4-4E79-A509-1D6948153A57\"}]}]}],\"references\":[{\"url\":\"http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://osvdb.org/60980\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/37690\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/38138\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/38215\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://www.adobe.com/support/security/advisories/apsa09-07.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb10-02.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/508357\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0060.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/37331\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.symantec.com/connect/blogs/zero-day-xmas-present\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-013A.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/3518\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0103\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=547799\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/54747\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6795\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://osvdb.org/60980\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/37690\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/38138\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/38215\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://www.adobe.com/support/security/advisories/apsa09-07.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb10-02.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/508357\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0060.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/37331\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.symantec.com/connect/blogs/zero-day-xmas-present\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-013A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/3518\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0103\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=547799\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/54747\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6795\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.