CVE-2009-4324
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description
Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.
Analysis
Adobe Reader and Acrobat contain a use-after-free vulnerability in the Doc.media.newPlayer JavaScript method that was actively exploited as a zero-day in December 2009 via crafted PDF files with ZLib compressed streams.
Technical Context
The CWE-416 flaw occurs when JavaScript code triggers the Doc.media.newPlayer method, causing a media player object to be freed while still referenced. Subsequent access to the freed object allows attackers to control execution flow. Exploits used ZLib compressed streams to bypass detection.
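A triage check for the point above about ZLib compressed streams, as an added example that is not part of the original advisory: it inflates each stream in a PDF and looks for a reference to the media.newPlayer method, which a search of the raw bytes does not see. The function names, the size cap and the sample document are assumptions constructed for illustration.

```python
import re
import zlib

# Body of each PDF stream object, between the "stream" and "endstream" keywords.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)
# The JavaScript method named in the advisory, tolerant of whitespace.
NEEDLE_RE = re.compile(rb"media\s*\.\s*newPlayer\s*\(")
MAX_INFLATED = 8 * 1024 * 1024  # cap output so a decompression bomb cannot exhaust memory


def inflate(data):
    """Inflate zlib data; return b"" if the bytes are not a zlib stream."""
    try:
        return zlib.decompressobj().decompress(data, MAX_INFLATED)
    except zlib.error:
        return b""


def scan_pdf(pdf_bytes):
    """Return (stream_index, where) hits; index -1 means visible without inflating."""
    hits = []
    if NEEDLE_RE.search(pdf_bytes):
        hits.append((-1, "raw"))
    for index, match in enumerate(STREAM_RE.finditer(pdf_bytes)):
        if NEEDLE_RE.search(inflate(match.group(1))):
            hits.append((index, "inflated"))
    return hits


# Constructed sample input: harmless script text that only names the method.
SAMPLE_JS = b"var player = doc.media.newPlayer(settings);  // constructed sample"


def build_sample(js, compress=True):
    """Wrap script bytes in a minimal, constructed PDF-like stream object."""
    body = zlib.compress(js) if compress else js
    flt = b" /Filter /FlateDecode" if compress else b""
    header = b"<< /Length %d%s >>" % (len(body), flt)
    return b"%PDF-1.4\n1 0 obj\n" + header + b"\nstream\n" + body + b"\nendstream\nendobj\n%%EOF\n"


if __name__ == "__main__":
    sample = build_sample(SAMPLE_JS)
    print("raw byte search finds it:", bool(NEEDLE_RE.search(sample)))
    print("scan after inflating:", scan_pdf(sample))
```

The check covers plain Flate streams only; streams behind other or chained filters need a full PDF parser. A hit means the document references the method and deserves closer analysis, not that it is malicious.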
Affected Products
- Adobe Reader 9.x before 9.3
- Adobe Reader 8.x before 8.2
- Adobe Acrobat 9.x before 9.3
- Adobe Acrobat 8.x before 8.2
Remediation
Update to Adobe Reader/Acrobat 9.3+ or 8.2+. Modern mitigation: deploy PDF readers with exploit mitigations (sandbox, DEP, ASLR) or use browser-based PDF rendering.