CVE-2009-4324: Adobe Acrobat and Reader Use-After-Free Vulnerability
First published: Mon Dec 14 2009(Updated: )
Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file.
Credit: psirt@adobe.com psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/acroread | <0:9.3-1.el4 | 0:9.3-1.el4 |
| redhat/acroread | <0:9.3-1.el5 | 0:9.3-1.el5 |
| Adobe Acrobat Reader | =7.0.9 | |
| Adobe Acrobat Reader | =8.0 | |
| Adobe Acrobat Reader | =5.0.10 | |
| Adobe Acrobat Reader | =4.5 | |
| Adobe Acrobat Reader | =8.1.2 | |
| Adobe Acrobat Reader | =5.0 | |
| Adobe Acrobat Reader | =5.0.9 | |
| Adobe Acrobat Reader | =9.1 | |
| Adobe Acrobat Reader | =7.0.5 | |
| Adobe Acrobat Reader | =7.0.6 | |
| Adobe Acrobat Reader | =3.0 | |
| Adobe Acrobat Reader | =6.0.5 | |
| Adobe Acrobat Reader | =7.0.2 | |
| Adobe Acrobat Reader | =4.0.5 | |
| Adobe Acrobat Reader | =7.0.3 | |
| Adobe Acrobat Reader | =4.0 | |
| Adobe Acrobat Reader | <=9.2 | |
| Adobe Acrobat Reader | =9.1 | |
| Adobe Acrobat Reader | =7.0.8 | |
| Adobe Acrobat Reader | =7.0.8 | |
| Adobe Acrobat Reader | =4.0.5a | |
| Adobe Acrobat Reader | =6.0.3 | |
| Adobe Acrobat Reader | =8.1.1 | |
| Adobe Acrobat Reader | =5.0.5 | |
| Adobe Acrobat Reader | =8.1 | |
| Adobe Acrobat Reader | =9.0 | |
| Adobe Acrobat Reader | =8.0 | |
| Adobe Acrobat Reader | =7.0.6 | |
| Adobe Acrobat Reader | =7.0.7 | |
| Adobe Acrobat Reader | =5.0.11 | |
| Adobe Acrobat Reader | =7.0.3 | |
| Adobe Acrobat Reader | =5.0.7 | |
| Adobe Acrobat Reader | =7.0.1 | |
| Adobe Acrobat Reader | =6.0.4 | |
| Adobe Acrobat Reader | =7.0.7 | |
| Adobe Acrobat Reader | =7.0.2 | |
| Adobe Acrobat Reader | =7.0 | |
| Adobe Acrobat Reader | =8.1.2 | |
| Adobe Acrobat Reader | =6.0.1 | |
| Adobe Acrobat Reader | =9.0 | |
| Adobe Acrobat Reader | =8.1.1 | |
| Adobe Acrobat Reader | =6.0.3 | |
| Adobe Acrobat Reader | =7.0.1 | |
| Adobe Acrobat Reader | =7.0.5 | |
| Adobe Acrobat Reader | =6.0.1 | |
| Adobe Acrobat Reader | =8.1 | |
| Adobe Acrobat Reader | =6.0.5 | |
| Adobe Acrobat Reader | =7.0.4 | |
| Adobe Acrobat Reader | <=9.2 | |
| Adobe Acrobat Reader | =5.0.6 | |
| Adobe Acrobat Reader | =7.0.9 | |
| Adobe Acrobat Reader | =5.1 | |
| Adobe Acrobat Reader | =6.0 | |
| Adobe Acrobat Reader | =6.0 | |
| Adobe Acrobat Reader | =6.0.2 | |
| Adobe Acrobat Reader | =6.0.2 | |
| Adobe Acrobat Reader | =7.0 | |
| Adobe Acrobat Reader | =6.0.4 | |
| Adobe Acrobat Reader | =4.0.5c | |
| Adobe Acrobat Reader | =7.0.4 | |
| Adobe Acrobat Reader | <=9.2 | |
| Adobe Acrobat Reader | =9.0 | |
| Adobe Acrobat Reader | =9.1 | |
| Adobe Acrobat Reader | ||
| All of | ||
| Any of | ||
| Adobe Acrobat Reader | >=8.0<8.2 | |
| Adobe Acrobat Reader | >=9.0<9.3 | |
| Adobe Acrobat Reader | >=8.0<8.2 | |
| Adobe Acrobat Reader | >=9.0<9.3 | |
| Any of | ||
| Apple iOS and macOS | ||
| Microsoft Windows | ||
| SUSE Linux Enterprise Debuginfo | =11 | |
| openSUSE | =11.1 | |
| openSUSE | =11.2 | |
| SUSE Linux Enterprise Server | =10.0-sp2 | |
| SUSE Linux Enterprise Server | =10.0-sp3 | |
| All of | ||
| Any of | ||
| >=8.0<8.2 | ||
| >=9.0<9.3 | ||
| >=8.0<8.2 | ||
| >=9.0<9.3 | ||
| Any of | ||
| =11 | ||
| =11.1 | ||
| =11.2 | ||
| =10.0-sp2 | ||
| =10.0-sp3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2009-4324
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4324
- http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html
- http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214
- http://www.adobe.com/support/security/advisories/apsa09-07.html
- http://blogs.adobe.com/psirt/2010/01/pre-notification_-_quarterly_s_1.html
- http://www.adobe.com/support/security/bulletins/apsb10-02.html
- https://rhn.redhat.com/errata/RHSA-2010-0037.html
- https://rhn.redhat.com/errata/RHSA-2010-0038.html
- https://rhn.redhat.com/errata/RHSA-2010-0060.html
- https://bugzilla.redhat.com/show_bug.cgi?id=547799
- https://www.cve.org/CVERecord?id=CVE-2009-4324 https://nvd.nist.gov/vuln/detail/CVE-2009-4324
- https://access.redhat.com/errata/RHSA-2010:0060
- https://access.redhat.com/errata/RHSA-2010:0038
- https://access.redhat.com/errata/RHSA-2010:0037
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4324.json
- http://www.symantec.com/connect/blogs/zero-day-xmas-present
- http://www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb
- http://www.securityfocus.com/bid/37331
- http://secunia.com/advisories/37690
- http://osvdb.org/60980
- http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.html
- http://www.vupen.com/english/advisories/2009/3518
- http://www.kb.cert.org/vuls/id/508357
- http://www.us-cert.gov/cas/techalerts/TA10-013A.html
- http://www.vupen.com/english/advisories/2010/0103
- http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
- http://secunia.com/advisories/38138
- http://secunia.com/advisories/38215
- http://www.redhat.com/support/errata/RHSA-2010-0060.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54747
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6795
- https://nvd.nist.gov/vuln/detail/CVE-2009-4324
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2009-4324?
The severity of CVE-2009-4324 is classified as critical, as it allows remote attackers to execute code via crafted PDF files.
How do I fix CVE-2009-4324?
To fix CVE-2009-4324, users should update to Adobe Acrobat and Reader versions 9.3 and above or 8.2 and above.
Which versions of Adobe products are affected by CVE-2009-4324?
CVE-2009-4324 affects Adobe Acrobat Reader versions before 9.3 and 8.x before 8.2 as well as several earlier versions.
What type of vulnerability is CVE-2009-4324?
CVE-2009-4324 is a use-after-free vulnerability that can be exploited to execute arbitrary code.
Is there a known exploit for CVE-2009-4324?
Yes, there have been reports of exploits that take advantage of CVE-2009-4324, specifically targeting crafted PDF files.
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-4324
- agent/weakness
- agent/title
- agent/description
- collector/redhat-cve
- agent/software-canonical-lookup
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/trending
- agent/source
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/softwarecombine
- agent/event
- agent/last-modified-date
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- collector/nvd-cve
- source/NVD
- collector/nvd-api
- package-manager/redhat
- vendor/adobe
- canonical/adobe acrobat reader
- version/adobe acrobat reader/7.0.9
- version/adobe acrobat reader/8.0
- version/adobe acrobat reader/5.0.10
- version/adobe acrobat reader/4.5
- version/adobe acrobat reader/8.1.2
- version/adobe acrobat reader/5.0
- version/adobe acrobat reader/5.0.9
- version/adobe acrobat reader/9.1
- version/adobe acrobat reader/7.0.5
- version/adobe acrobat reader/7.0.6
- version/adobe acrobat reader/3.0
- version/adobe acrobat reader/6.0.5
- version/adobe acrobat reader/7.0.2
- version/adobe acrobat reader/4.0.5
- version/adobe acrobat reader/7.0.3
- version/adobe acrobat reader/4.0
- version/adobe acrobat reader/9.2
- version/adobe acrobat reader/7.0.8
- version/adobe acrobat reader/4.0.5a
- version/adobe acrobat reader/6.0.3
- version/adobe acrobat reader/8.1.1
- version/adobe acrobat reader/5.0.5
- version/adobe acrobat reader/8.1
- version/adobe acrobat reader/9.0
- version/adobe acrobat reader/7.0.7
- version/adobe acrobat reader/5.0.11
- version/adobe acrobat reader/5.0.7
- version/adobe acrobat reader/7.0.1
- version/adobe acrobat reader/6.0.4
- version/adobe acrobat reader/7.0
- version/adobe acrobat reader/6.0.1
- version/adobe acrobat reader/7.0.4
- version/adobe acrobat reader/5.0.6
- version/adobe acrobat reader/5.1
- version/adobe acrobat reader/6.0
- version/adobe acrobat reader/6.0.2
- version/adobe acrobat reader/4.0.5c
- vendor/apple
- canonical/apple ios and macos
- vendor/microsoft
- canonical/microsoft windows
- vendor/suse
- canonical/suse linux enterprise debuginfo
- version/suse linux enterprise debuginfo/11
- vendor/opensuse
- canonical/opensuse
- version/opensuse/11.1
- version/opensuse/11.2
- canonical/suse linux enterprise server
- version/suse linux enterprise server/10.0-sp2
- version/suse linux enterprise server/10.0-sp3