Vulnerability Note VU#508357
The Doc.media.newPlayer method in Adobe Acrobat and Reader contains a use-after-free vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Adobe Reader and the Adobe Acrobat family of software are designed to create, view, and edit Portable Document Format (PDF) files. Adobe Reader is widely deployed, and the Acrobat Reader Plug-In displays PDF inside a web browser.
By convincing a user to open a malicious PDF file, an attacker may be able to execute code or cause a vulnerable PDF viewer to crash. The PDF could be emailed as an attachment or hosted on a website.
Apply an update
Prevent Internet Explorer from automatically opening PDF documents
The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to the safer option of prompting the user by importing the following as a .REG file:
Windows Registry Editor Version 5.00
Disable the displaying of PDF documents in the web browser
Preventing PDF documents from opening inside a web browser reduces attack surface. If this workaround is applied to updated versions of Adobe Reader and Acrobat, it may protect against future vulnerabilities.
To prevent PDF documents from automatically being opened in a web browser with Adobe Reader:
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Adobe||Affected||15 Dec 2009||13 Jan 2010|
CVSS Metrics (Learn More)
Thanks to Adobe PSIRT for reporting this vulnerability.
This document was written by Will Dormann.
- CVE IDs: CVE-2009-4324
- Date Public: 14 Dec 2009
- Date First Published: 15 Dec 2009
- Date Last Updated: 18 Jun 2010
- Severity Metric: 65.84
- Document Revision: 18
If you have feedback, comments, or additional information about this vulnerability, please send us email.