Adobe Acrobat Reader U3D CLODMeshContinuation Code Execution
Added: 11/20/2009CVE: CVE-2009-2997
BID: 36638
OSVDB: 58926
Background
Adobe Reader is free software for viewing PDF documents.Problem
A heap memory corruption vulnerability exists in Adobe Acrobat Reader. The vulnerability is due to an input validation error while parsing Universal 3D (U3D) files with a specially crafted field in the CLODMeshDeclaration block.Resolution
Apply one of the security patches referenced in Adobe Security Bulletin APSB09-15.References
http://securitytracker.com/id?1023007Limitations
Exploit works on Adobe Reader 9.1.The user must open the exploit file in Adobe Reader and click on the square image box.
Platforms
WindowsBack to exploit index