Source: SAINT Corporation
ID: SAINT:0DCC9D822DE8F6972D90B306EC556118
Nov 20, 2009 - 12:00 a.m.

Adobe Acrobat Reader U3D CLODMeshContinuation Code Execution

2009-11-20 00:00:00
SAINT Corporation
download.saintcorporation.com

EPSS: 0.01
Percentile: 83.7%

Added: 11/20/2009
CVE: CVE-2009-2997
BID: 36638
OSVDB: 58926

Background

Adobe Reader is free software for viewing PDF documents.

Problem

A heap memory corruption vulnerability exists in Adobe Acrobat Reader. The vulnerability is due to an input validation error while parsing Universal 3D (U3D) files with a specially crafted field in the CLODMeshDeclaration block.

Resolution

Apply one of the security patches referenced in Adobe Security Bulletin APSB09-15.

References

<http://securitytracker.com/id?1023007>

Limitations

Exploit works on Adobe Reader 9.1.

The user must open the exploit file in Adobe Reader and click on the square image box.

Platforms

Windows
