Summary
This host has Adobe Reader/Acrobat installed and is prone to the Doc.media.newPlayer remote code execution vulnerability.
Impact
Successful exploitation will let attackers execute arbitrary code and compromise a user's system.
Impact Level: System
Solution
Upgrade to Adobe Acrobat/Reader version 9.3.2 or later.
For updates refer to http://www.adobe.com
Workaround:
Disable JavaScript execution from the Adobe Acrobat/Reader product configuration menu settings.
Insight
A flaw exists in the doc.media object of the JavaScript module: passing a null argument to the newPlayer() method causes a vpointer that has not been initialized to be used.
Affected
Adobe Acrobat version 9.2.0 and prior.
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
References
- http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html
- http://downloads.securityfocus.com/vulnerabilities/exploits/adobe_media_newplayer.rb
- http://extraexploit.blogspot.com/search/label/CVE-2009-4324
- http://vrt-sourcefire.blogspot.com/2009/12/adobe-reader-medianewplayer-analysis.html
- http://www.f-secure.com/weblog/archives/00001836.html
- http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2009-4324
- CVSS Base Score: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- avast! 'aswRdr.sys' Buffer Overflow Vulnerability
- Alleycode HTML Editor Buffer Overflow Vulnerabilities
- BSPlayer Stack Overflow Vulnerability BLS
- Adobe Photoshop PNG Image Processing Buffer Overflow Vulnerabilities (Mac OS X)
- Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Linux)