What is the CVSS score of CVE-2009-4324?

CVE-2009-4324 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 92.9%.

Which versions of Microsoft are affected by CVE-2009-4324?

CVE-2009-4324 presents notable security risk, a use-after-free vulnerability rated CVSS 7.8. Exploitation could compromise the security of affected deployments.

Is there a public PoC exploit available for CVE-2009-4324?

Yes, a public proof-of-concept exploit is available for CVE-2009-4324. Prioritise patching immediately. EPSS: 92.9%.

How to fix or mitigate CVE-2009-4324?

Within 24 hours: Identify all affected systems running the Doc.media.newPlayer method in Multimedia.api in Adobe Re and apply vendor patches immediately. If patching is delayed, consider network segmentation to limit exposure.

Microsoft CVE-2009-4324

HIGH

Use After Free (CWE-416)

2009-12-15 psirt@adobe.com

RCE Use After Free Memory Corruption Microsoft Adobe

7.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 21, 2026 - 15:22 vuln.today

cvss_changed

Analysis Generated

Mar 26, 2026 - 11:17 vuln.today

Added to CISA KEV

Oct 22, 2025 - 01:15 cisa

CISA KEV

PoC Detected

Oct 22, 2025 - 01:15 vuln.today

Public exploit code

CVE Published

Dec 15, 2009 - 02:30 nvd

HIGH 7.8

DescriptionNVD

Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.

AnalysisAI

Adobe Reader and Acrobat contain a use-after-free vulnerability in the Doc.media.newPlayer JavaScript method that was actively exploited as a zero-day in December 2009 via crafted PDF files with ZLib compressed streams.

Technical ContextAI

The CWE-416 flaw occurs when JavaScript code triggers the Doc.media.newPlayer method, causing a media player object to be freed while still referenced. Subsequent access to the freed object allows attackers to control execution flow. Exploits used ZLib compressed streams to bypass detection.

RemediationAI

Update to Adobe Reader/Acrobat 9.3+ or 8.2+. Modern mitigation: deploy PDF readers with exploit mitigations (sandbox, DEP, ASLR) or use browser-based PDF rendering.

More from same product – last 7 days

CVE-2026-10044 HIGH This Week POC

8.2 May 28

{filename} endpoint. The flawed traversal guard only rejects forward slashes and '..' sequences, so absolute Windows pat

CVE-2026-40412 CRITICAL Monitor

10.0 May 22

Remote code execution in Microsoft Azure Orbital Spatio allows unauthenticated network attackers to upload dangerous fil

CVE-2026-41104 CRITICAL Monitor

10.0 May 22

Unsafe deserialization in Microsoft Planetary Computer Pro (Geocatalog) lets a remote unauthenticated attacker craft mal

CVE-2026-23652 CRITICAL Monitor

10.0 May 22

Remote code execution in Microsoft Power Pages allows unauthenticated network attackers to inject and execute operating-

CVE-2026-47280 CRITICAL Monitor

10.0 May 22

Privilege elevation in Microsoft Azure Resource Manager (ARM) allows remote unauthenticated attackers to bypass authenti

CVE-2009-4324 vulnerability details – vuln.today

Back

Microsoft CVE-2009-4324

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code