Antivirus and Security Software from Sophos

Psst, Mac user! We have a free Mac anti-virus just for you.

Online support

Product maintenance

Contact support

Support services

Resource centers

UK IT Security Events

Get the low-down on our cup winning security solutions to provide you with a defence dream team

Vulnerability: Adobe Reader and Adobe Acrobat remote execution vulnerability CVE-2009-4324

Back to Latest vulnerabilities homepage

Click any highlighted term for further explanation.

Details
Vulnerability name/brief description

Adobe Reader and Adobe Acrobat remote execution vulnerability CVE-2009-4324

CVE/CAN name

CVE-2009-4324

Vendor threat level Critical
SophosLabs threat level High
Solution Not available
Vendor description Adobe received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild (CVE-2009-4324). We are currently investigating this issue and assessing the risk to our customers. We will provide an update as soon as we have more information.
SophosLabs comments This is a remote code execution vulnerability on an industry standard software application with a large user base. The vulnerability is currently not patched, with exploits seen in the wild and it is easily exploitable, in as similar way as CVE-2008-2992 which is often seen today as a part of various Web exploit toolkits.
SophosLabs testing result N/A
Currently known exploits Troj/PDFJs-FS CVE-2009-4324
First sample seen N/A
Discovery date 15th December 2009
Affected software Adobe Reader 9.2
References http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4324
Credits Adobe PSIRT
Revisions 15th December 2009 - initial analysis written

Explanation of terms

Vulnerability Name/Brief Description:
Vendor identifier plus a brief description of the type of attack.

CVE/CAN Name:
Currently assigned CVE name. If a CVE name doesn't exist the CAN name will be used until a CVE has been assigned.

Vendor Threat Level:
Threat level assigned by the vendor

SophosLabs Threat Level:
Threat level assigned by SophosLabs

  • LOW RISK - There is little chance of this vulnerability being actively exploited by malware.
  • MEDIUM RISK - There is a possibility of this vulnerability being actively exploited by malware.
  • HIGH RISK - There is a strong possibility of this vulnerability being actively exploited by malware.
  • CRITICAL RISK - This vulnerability will almost certainly be actively exploited by malware.

Solution:
Vendor-supplied Patch identifier and recommended solution, or workaround if applicable.

Vendor Description:
Summary of the cause and potential effect of the vulnerability provided by the vendor.

SophosLabs Comments:
SophosLabs' opinions and observations of the vulnerability in question.

SophosLabs Testing Result:
Details of completed lab testing, if applicable. Please note that the lab test environment may differ significantly from user environments.

Currently Known Exploits:
List of identities for known exploits, if applicable.

First Sample Seen:
Date of the first sample seen by SophosLabs.

Discovery Date:
Date of the earliest known publically disclosed advisory.

Affected Software:
Vulnerable platforms and software versions.

If you need more information or guidance, then please contact technical support.