Adobe Reader media.newPlayer Use-After-Free Code Execution

Added: 12/23/2009
CVE: CVE-2009-4324
BID: 37331
OSVDB: 60980

Background

Adobe Reader is free software for viewing PDF documents.

Problem

This issue is caused by a use-after-free error within the "Doc.Media.newPlayer()" JavaScript function, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF file.
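A defensive triage check for the function named above, as an added example that is not part of the original advisory or any vendor tooling: it looks for JavaScript markers and for a media.newPlayer reference in a PDF's bytes, including inside Flate-compressed streams. The names scan_pdf, decode_names, inflate and sample_pdf are hypothetical, and the sample document is constructed and non-functional.

```python
import re
import zlib

# Function name from the advisory, matched case-insensitively.
NEEDLE = re.compile(rb"media\s*\.\s*newPlayer", re.IGNORECASE)
# Stream bodies; a full parser would honour /Length instead of scanning.
STREAM = re.compile(rb"(?<!end)stream\r?\n(.*?)endstream", re.DOTALL)
NAME_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_names(data: bytes) -> bytes:
    """Undo #xx escapes in PDF names, e.g. /J#61vaScript -> /JavaScript."""
    return NAME_HEX.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflate(raw: bytes) -> bytes:
    """Inflate a Flate stream; return the input unchanged if it is not zlib."""
    try:
        return zlib.decompressobj().decompress(raw)
    except zlib.error:
        return raw


def scan_pdf(data: bytes) -> dict:
    """Flag JavaScript actions and media.newPlayer references in PDF bytes."""
    names = decode_names(data)
    hits = ["raw"] if NEEDLE.search(data) else []
    for i, m in enumerate(STREAM.finditer(data)):
        body = inflate(m.group(1))
        if body != m.group(1) and NEEDLE.search(body):
            hits.append(f"flate stream {i}")
    return {
        "has_javascript": b"/JavaScript" in names or b"/JS" in names,
        "newplayer_refs": hits,
        "suspicious": bool(hits),
    }


def sample_pdf(js: bytes) -> bytes:
    """Constructed, non-functional PDF fragment used only for the self-check."""
    body = zlib.compress(js)
    head = b"%PDF-1.4\n1 0 obj\n<< /S /J#61vaScript /JS 2 0 R >>\nendobj\n"
    obj = b"2 0 obj\n<< /Filter /FlateDecode /Length " + str(len(body)).encode()
    return head + obj + b" >>\nstream\n" + body + b"\nendstream\nendobj\n%%EOF\n"


if __name__ == "__main__":
    print(scan_pdf(sample_pdf(b"/* constructed marker: media.newPlayer */")))
```

A literal match misses script that assembles the function name at run time or uses other stream filters, so a file with has_javascript set and no reference found still warrants closer inspection.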

Resolution

Follow instructions in APSB09-07.

References

http://secunia.com/advisories/37690

Limitations

Exploit works on Adobe Reader 9.2.

The user must open the exploit file in Adobe Reader and click on the square image box.

Platforms

Windows
