Adobe Reader U3D Heap Overflow
Added: 12/21/2011
CVE: CVE-2011-2462
BID: 50922
OSVDB: 77529
Background
Adobe Reader is free software for viewing PDF documents.
Problem
A heap memory corruption vulnerability exists in Adobe Acrobat Reader. The vulnerability is due to an input validation error while parsing Universal 3D (U3D) files. This vulnerability is unrelated to CVE-2009-2997.
Resolution
Apply one of the security patches referenced in Adobe Security Bulletin ASPA11-04.
References
http://blogs.adobe.com/asset/2011/12/background-on-cve-2011-2462.html
Limitations
This exploit has been tested against Adobe Systems Reader 9.4.6 on Windows XP SP3 English (DEP OptIn). While our testing suggests that reliable exploitation is likely, due to the volatile nature of heap locations, this exploit may not be 100% reliable and may occasionally cause Reader to crash without executing the payload.
Platforms
Windows