Check Point Advisories

Protection against Adobe Reader and Acrobat Doc.media.newPlayer Memory Corruption Vulnerability (APSA09-07)

Check Point Reference: CPAI-2009-295
Date Published: 16 Dec 2009
Severity: Critical
Last Updated: Thursday 01 January, 2009
Source: Adobe Security Bulletin - APSA09-07
Industry Reference:CVE-2009-4324
Protection Provided by:
Who is Vulnerable? Adobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX
Adobe Acrobat 9.2 and earlier versions for Windows and Macintosh
Vulnerability Description A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. A remote attacker can exploit this vulnerability to execute arbitrary code on an affected system via a specially crafted PDF file. Portable Document Format (PDF) is an open file format created by Adobe Systems. It is used for representing two-dimensional documents in a device and resolution independent fixed-layout document format. Successful exploitation allows execution of arbitrary code on a vulnerable system.
Update/Patch AvaliableApply patches:
Adobe Security Bulletin - APSA09-07
Vulnerability DetailsThe vulnerability is due to an error in the implementation of the Doc.media.newPlayer JavaScript method in Adobe Reader and Acrobat. A remote attacker could trigger this flaw via a specially crafted PDF file containing the vulnerable JavaScript method. Successful exploitation allows execution of arbitrary code once a malicious PDF file is loaded on a vulnerable system.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK