Summary
This host is installed with Adobe Reader and is prone to Doc.media.newPlayer Remote Code Execution vulnerability.
Impact
Successful exploitation will let attackers to execute arbitrary code and compromise a user's system.
Impact Level: System
Solution
Upgrade Adobe Reader version 9.3.2 or later,
For updates refer to http://www.adobe.com
Workaround:
Disable JavaScript execution from the Adobe Acrobat/Reader product configuration menu settings.
Insight
There exists a flaw in the JavaScript module doc.media object while sending a null argument to the newPlayer() method as the exploitation method makes use of a vpointer that has not been initialized.
Affected
Adobe Reader version 9.2.0 and prior
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
- http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html
- http://downloads.securityfocus.com/vulnerabilities/exploits/adobe_media_newplayer.rb
- http://extraexploit.blogspot.com/search/label/CVE-2009-4324
- http://vrt-sourcefire.blogspot.com/2009/12/adobe-reader-medianewplayer-analysis.html
- http://www.f-secure.com/weblog/archives/00001836.html
- http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2009-4324 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Reader 'XFDF' File Buffer Overflow Vulnerability (Linux)
- Anzio Web Print Object ActiveX Control Remote BOF Vulnerability
- Adobe Reader 'XFDF' File Buffer Overflow Vulnerability (Windows)
- Adobe Reader/Acrobat Multimedia Doc.media.newPlayer Code Execution Vulnerability (Win)
- Adobe Reader 'Plug-in' Buffer Overflow Vulnerability (Mac OS X)