RedTeam Labs

Information Security Vulnerablities, Exploit Code and News

CATEGORIES:      Company News General Industry News Research List View

Adobe Doc.media.newPlayer 0-day

Category: Research Tags: Adobe, 0-day, Zero Day, Metasploit
Posted by: labs@redteamsecure.com (Jeremiah Talamantes) on 2009-12-21 10:53:35

A vulnerability has been reported in Adobe Reader and Acrobat, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error in the implementation of the "Doc.media.newPlayer()" JavaScript method. This can be exploited to corrupt memory and execute arbitrary code via a specially crafted PDF file.

NOTE: This vulnerability is currently being actively exploited.

The vulnerability is reported in versions 9.2 and prior.

Checkout the screencast by Offensive Security:
http://bit.ly/5n15Mn

For PoC code for Metasploit, see the download link below.



Share |



File attachment 1: Download here

Follow Our Twitter

Follow Our RSS

Share this: |


Categories



DISCLAIMER
    The content, tools, methodologies and proof of concept code contained in these articles are in no way intended to be used for malicious intent. This information is to be used for educational purposes only. RedTeam Security does not condone the malicious use nor does it warranty the use of any of the content contained herein.


Contact Us

Phone number:
1-612-234-7848

E-mail:

info@redteamsecure.com