- CVE-2009-4324 Use-after-free vulnerability in the Doc.media.newPlayer method in Adobe Reader and Acrobat 8.0 through 9.2, and possibly earlier versions, allows remote attackers to execute arbitrary code using ZLib compressed streams, as exploited in the wild in December 2009.
Download all together with the binary that it downloads from hxxxp://foruminspace.com/documents/dprk/ (Password protected archive. Use the same password you used on the samples above or contact me for the password)
Note: A few people reported problems with unzipping the files - use 7Zip http://www.7-zip.org if you do. Please email the name of the file or provide a link when asking for a password.
See post with CVE-2009-4324 Sample#0 (Nov. 30, 2009) note200911.pdf 61baabd6fc12e01ff73ceacc07c84f9a
See post with CVE-2009-4324 sample #1 (Dec 11, 2009) note_20091210.pdf 61baabd6fc12e01ff73ceacc07c84f9a
See post with CVE-2009-4324 sample #2 (Dec. 13, 2009) Outline of Interview.pdf 35e8eeee2b94cbe87e3d3f843ec857f6