HTTP: Adobe Reader and Acrobat media.newPlayer Code Execution
This signature detects attempts to exploit a known code execution vulnerability in Adobe Reader and Acrobat products. It is caused by a use-after-free error when parsing crafted JavaScript calls to the media.newPlayer function. A remote attacker can exploit this by enticing a user to download and view a malicious PDF file in a vulnerable version of the affected product. In a successful attack, the behavior of the target is entirely dependent on the logic of the injected code and would execute within the security context of the currently logged in user. In a unsuccessful attack, the affected application terminates abnormally upon parsing the malicious PDF document.
Extended Description
Adobe Reader and Acrobat are prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code. Failed exploit attempts will likely cause denial-of-service conditions. This issue affects Reader and Acrobat 9.2 and prior versions.
Affected Products
Red_hat enterprise_linux_as_extras
Short Name
HTTP:STC:ADOBE:PDF-JS-NEWPLAYER
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Acrobat Adobe CVE-2009-4324 Code Execution Reader and bid:37331 media.newPlayer
Release Date
10/18/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Red_hat
Suse
Adobe
Gentoo
CVSS Score
9.3