Adobe Reader U3D Heap Overflow

Added: 12/21/2011
CVE: CVE-2011-2462
BID: 50922
OSVDB: 77529

Background

Adobe Reader is free software for viewing PDF documents.

Problem

A heap memory corruption vulnerability exists in Adobe Acrobat Reader. The vulnerability is due to an input validation error while parsing Universal 3D (U3D) files. This vulnerability is unrelated to CVE-2009-2997.

Resolution

Apply one of the security patches referenced in Adobe Security Bulletin APSA11-04.

References

http://blogs.adobe.com/asset/2011/12/background-on-cve-2011-2462.html

Limitations

This exploit has been tested against Adobe Systems Reader 9.4.6 on Windows XP SP3 English (DEP OptIn). While our testing suggests that reliable exploitation is likely, due to the volatile nature of heap locations, this exploit may not be 100% reliable and may occasionally cause Reader to crash without executing the payload.

Platforms

Windows
