Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:STC:ADOBE:PDF-JS-NEWPLAYER |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Adobe Reader and Acrobat media.newPlayer Code Execution |
Release Date |
2010/10/18 |
Update Number |
1794 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Adobe Reader and Acrobat media.newPlayer Code Execution
This signature detects attempts to exploit a known code execution vulnerability in Adobe Reader and Acrobat products. It is caused by a use-after-free error when parsing crafted JavaScript calls to the media.newPlayer function. A remote attacker can exploit this by enticing a user to download and view a malicious PDF file in a vulnerable version of the affected product. In a successful attack, the behavior of the target is entirely dependent on the logic of the injected code and would execute within the security context of the currently logged in user. In a unsuccessful attack, the affected application terminates abnormally upon parsing the malicious PDF document.
Extended Description
Adobe Reader and Acrobat are prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code. Failed exploit attempts will likely cause denial-of-service conditions. This issue affects Reader and Acrobat 9.2 and prior versions.
Affected Products
- Adobe acrobat 6.0.1
- Adobe acrobat 7.0.9
- Adobe acrobat 9.1.1
- Adobe acrobat 9.2
- Adobe acrobat_professional 8.0
- Adobe acrobat_professional 8.1
- Adobe acrobat_professional 8.1.1
- Adobe acrobat_professional 8.1.2
- Adobe acrobat_professional 8.1.3
- Adobe acrobat_professional 8.1.4
- Adobe acrobat_professional 8.1.6
- Adobe acrobat_professional 8.1.7
- Adobe acrobat_professional 9
- Adobe acrobat_professional 9.1
- Adobe acrobat_professional 9.1.2
- Adobe acrobat_professional 9.1.3
- Adobe acrobat_professional 9.2
- Adobe acrobat_standard 8.0
- Adobe acrobat_standard 8.1
- Adobe acrobat_standard 8.1.1
- Adobe acrobat_standard 8.1.2
- Adobe acrobat_standard 8.1.3
- Adobe acrobat_standard 8.1.4
- Adobe acrobat_standard 8.1.6
- Adobe acrobat_standard 8.1.7
- Adobe acrobat_standard 9
- Adobe acrobat_standard 9.1
- Adobe acrobat_standard 9.1.2
- Adobe acrobat_standard 9.1.3
- Adobe acrobat_standard 9.2
- Adobe reader 6.0.1
- Adobe reader 7.0.9
- Adobe reader 8.0
- Adobe reader 8.1
- Adobe reader 8.1.1
- Adobe reader 8.1.2
- Adobe reader 8.1.3
- Adobe reader 8.1.4
- Adobe reader 8.1.5
- Adobe reader 8.1.6
- Adobe reader 8.1.7
- Adobe reader 9
- Adobe reader 9.1
- Adobe reader 9.1.1
- Adobe reader 9.1.2
- Adobe reader 9.1.3
- Adobe reader 9.2
- Gentoo linux
- Red_hat desktop_extras 3
- Red_hat desktop_extras 4
- Red_hat enterprise_linux_as_extras 3
- Red_hat enterprise_linux_as_extras 4
- Red_hat enterprise_linux_desktop_supplementary 5 Client
- Red_hat enterprise_linux_es_extras 3
- Red_hat enterprise_linux_es_extras 4
- Red_hat enterprise_linux_extras 3
- Red_hat enterprise_linux_extras 4
- Red_hat enterprise_linux_supplementary 5 Server
- Red_hat enterprise_linux_ws_extras 3
- Red_hat enterprise_linux_ws_extras 4
- Suse opensuse 11.0
- Suse opensuse 11.1
- Suse opensuse 11.2
- Suse suse_linux_enterprise 10 SP2
- Suse suse_linux_enterprise 10 SP3
- Suse suse_linux_enterprise_desktop 11
References
- BugTraq: 37331
- CVE: CVE-2009-4324