Lucene search

K
saintSAINT CorporationSAINT:AC43C22A92094CD032FDE7DE614FFD7A
HistoryNov 20, 2009 - 12:00 a.m.

Adobe Acrobat Reader U3D CLODMeshContinuation Code Execution

2009-11-2000:00:00
SAINT Corporation
www.saintcorporation.com
22

0.01 Low

EPSS

Percentile

83.7%

Added: 11/20/2009
CVE: CVE-2009-2997
BID: 36638
OSVDB: 58926

Background

Adobe Reader is free software for viewing PDF documents.

Problem

A heap memory corruption vulnerability exists in Adobe Acrobat Reader. The vulnerability is due to an input validation error while parsing Universal 3D (U3D) files with a specially crafted field in the CLODMeshDeclaration block.

Resolution

Apply one of the security patches referenced in Adobe Security Bulletin APSB09-15.

References

<http://securitytracker.com/id?1023007&gt;

Limitations

Exploit works on Adobe Reader 9.1.

The user must open the exploit file in Adobe Reader and click on the square image box.

Platforms

Windows

0.01 Low

EPSS

Percentile

83.7%