Summary
This host is installed with Adobe Reader and is prone to Doc.media.newPlayer Remote Code Execution vulnerability.
Impact
Successful exploitation will let attackers to execute arbitrary code and compromise a user's system.
Impact Level: System
Solution
Upgrade Adobe Reader version 9.3.2 or later,
For updates refer to http://www.adobe.com
Workaround:
Disable JavaScript execution from the Adobe Acrobat/Reader product configuration menu settings.
Insight
There exists a flaw in the JavaScript module doc.media object while sending a null argument to the newPlayer() method as the exploitation method makes use of a vpointer that has not been initialized.
Affected
Adobe Reader version 9.2.0 and prior
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
- http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html
- http://downloads.securityfocus.com/vulnerabilities/exploits/adobe_media_newplayer.rb
- http://extraexploit.blogspot.com/search/label/CVE-2009-4324
- http://vrt-sourcefire.blogspot.com/2009/12/adobe-reader-medianewplayer-analysis.html
- http://www.f-secure.com/weblog/archives/00001836.html
- http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2009-4324 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities