Lucene search

K
saintSAINT CorporationSAINT:C7CA004BAF67961B8B548E71319C3ECE
HistoryNov 20, 2009 - 12:00 a.m.

Adobe Acrobat Reader U3D CLODMeshContinuation Code Execution

2009-11-2000:00:00
SAINT Corporation
download.saintcorporation.com
12

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.01

Percentile

83.7%

Added: 11/20/2009
CVE: CVE-2009-2997
BID: 36638
OSVDB: 58926

Background

Adobe Reader is free software for viewing PDF documents.

Problem

A heap memory corruption vulnerability exists in Adobe Acrobat Reader. The vulnerability is due to an input validation error while parsing Universal 3D (U3D) files with a specially crafted field in the CLODMeshDeclaration block.

Resolution

Apply one of the security patches referenced in Adobe Security Bulletin APSB09-15.

References

<http://securitytracker.com/id?1023007&gt;

Limitations

Exploit works on Adobe Reader 9.1.

The user must open the exploit file in Adobe Reader and click on the square image box.

Platforms

Windows

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.01

Percentile

83.7%