CVE-2009-4324

CVE Database · CVE-2009-4324

CVE-2009-4324

· HIGHAnalyzed

CVSS v3.1

7.8

EPSS

81.86%

Published

Dec 15, 2009

Modified

Apr 21, 2026

CISA Known Exploited Vulnerability

Added: 2022-06-08 · Due: 2022-06-22

Apply updates per vendor instructions.

Public PoC / Exploit (4)

All weaponized →

Exploit-DBAdobe - 'Doc.media.newPlayer' Use-After-Free (Metasploit) (1)Exploit-DBAdobe - 'Doc.media.newPlayer' Use-After-Free (Metasploit) (2)Exploit-DBAdobe Reader / Acrobat - '.PDF' File Overflow TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-416CWE-416

Affected Products (11)

adobe · acrobat (up to 8.2)vulnerable

adobe · acrobat (up to 9.3)vulnerable

adobe · acrobat_reader (up to 8.2)vulnerable

adobe · acrobat_reader (up to 9.3)vulnerable

apple · mac_os_x

microsoft · windows

suse · linux_enterprise_debuginfovulnerable