1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Adobe Acrobat and Reader Use-After-Free Vulnerability

Known Exploited Vulnerabilities CVE-2009-4324

Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2009-4324 Adobe Acrobat and Reader Use-After-Free Vulnerability exploitation_technique T1204.002 Malicious File
Comments
This vulnerability is exploited by having the user open a maliciously-crafted pdf file. In the wild, this has been observed to result in a malicious actor installing a custom executable on the victim's machine, and establishing communications.
References
  1. https://trendmicro.com/vinfo/us/threat-encyclopedia/web-attack/15/adobe-reader-and-acrobat-cve20094324-vulnerability
CVE-2009-4324 Adobe Acrobat and Reader Use-After-Free Vulnerability primary_impact T1071.001 Web Protocols
Comments
This vulnerability is exploited by having the user open a maliciously-crafted pdf file. In the wild, this has been observed to result in a malicious actor installing a custom executable on the victim's machine, and establishing communications.
References
  1. https://trendmicro.com/vinfo/us/threat-encyclopedia/web-attack/15/adobe-reader-and-acrobat-cve20094324-vulnerability