PT-2009-1122 · Adobe · Reader+1

Vincent Danen · Published 2009-12-14 · Updated 2026-02-23 · CVE-2009-4324

CVSS v2.0: 9.3 High
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Adobe Reader versions 8.x through 8.2
Adobe Reader versions 9.x through 9.3
Adobe Acrobat versions 8.x through 8.2
Adobe Acrobat versions 9.x through 9.3

Description

The issue is related to a use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api, which can be exploited by remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams. This vulnerability has been exploited in the wild. The vulnerability is associated with resource management errors in Adobe Reader and Adobe Acrobat.

Recommendations

For Adobe Reader versions 8.x through 8.2, update to version 8.2 or later.
For Adobe Reader versions 9.x through 9.3, update to version 9.3 or later.
For Adobe Acrobat versions 8.x through 8.2, update to version 8.2 or later.
For Adobe Acrobat versions 9.x through 9.3, update to version 9.3 or later.

As a temporary workaround, consider avoiding the use of the Doc.media.newPlayer method in Multimedia.api until a patch is available. Restrict access to crafted PDF files using ZLib compressed streams to minimize the risk of exploitation.
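
A triage check for the condition named in the description, added here as an example and not taken from the advisory or any vendor tooling: it inflates ZLib (FlateDecode) streams in a PDF and reports those that reference media.newPlayer. The stream parsing is deliberately simplified, and the helper names, size cap and sample PDF bytes are constructed assumptions.

```python
import re
import zlib
from typing import Optional

# Simplified stream extraction: ignores /Length, object streams and encryption.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
# API name taken from the advisory; whitespace around the dot is tolerated.
NEWPLAYER_RE = re.compile(rb"media\s*\.\s*newPlayer")
MAX_INFLATED = 8 * 1024 * 1024  # assumed cap, guards against decompression bombs

# Constructed, inert sample script: it only mentions the API name in strings.
SAMPLE_JS = b"/* constructed sample */ var a = 'media.newPlayer'; var b = 'media.newPlayer';"


def inflate(data: bytes) -> Optional[bytes]:
    """Inflate a zlib stream (capped); return None if the data is not zlib."""
    try:
        return zlib.decompressobj().decompress(data, MAX_INFLATED)
    except zlib.error:
        return None


def scan_pdf(pdf: bytes) -> list:
    """List streams that reference media.newPlayer, as stored or once inflated."""
    findings = []
    for index, match in enumerate(STREAM_RE.finditer(pdf)):
        raw = match.group(1)
        for encoding, body in (("raw", raw), ("zlib", inflate(raw))):
            if body is not None and NEWPLAYER_RE.search(body):
                findings.append({"stream": index, "encoding": encoding})
    return findings


def build_sample(script: bytes, compress: bool) -> bytes:
    """Build a constructed one-object PDF fragment holding `script` in a stream."""
    body = zlib.compress(script) if compress else script
    filt = b"/Filter /FlateDecode " if compress else b""
    head = b"%PDF-1.4\n1 0 obj\n<< " + filt + b"/Length %d >>\nstream\n" % len(body)
    return head + body + b"\nendstream\nendobj\n"


if __name__ == "__main__":
    for name, pdf in (("compressed", build_sample(SAMPLE_JS, True)),
                      ("plain", build_sample(SAMPLE_JS, False))):
        print(name, scan_pdf(pdf))
```

A hit means the file references the API, not that it is malicious; streams using other filters or encryption are not decoded by this check.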

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2022-03587
CVE-2009-4324
RHSA-2010:0037
RHSA-2010:0038
RHSA-2010:0060

Affected Products

Acrobat
Reader