Adobe Acrobat Reader U3D CLODMeshContinuation Code Execution

Added: 11/20/2009
CVE: CVE-2009-2997
BID: 36638
OSVDB: 58926

Background

Adobe Reader is free software for viewing PDF documents.

Problem

A heap memory corruption vulnerability exists in Adobe Acrobat Reader. The vulnerability is due to an input validation error while parsing Universal 3D (U3D) files with a specially crafted field in the CLODMeshDeclaration block.

Resolution

Apply one of the security patches referenced in Adobe Security Bulletin APSB09-15.

References

http://securitytracker.com/id?1023007

Limitations

Exploit works on Adobe Reader 9.1.

The user must open the exploit file in Adobe Reader and click on the square image box.

Platforms

Windows
