Lucene search

K
zdiPeter Vreugdenhil ( http://vreugdenhilresearch.nl )ZDI-11-072
HistoryFeb 08, 2011 - 12:00 a.m.

Adobe Reader BMP ColorData Remote Code Execution Vulnerability

2011-02-0800:00:00
Peter Vreugdenhil ( http://vreugdenhilresearch.nl )
www.zerodayinitiative.com
14

EPSS

0.349

Percentile

97.1%

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the Bitmap parsing component of rt3d.dll. When allocating a destination buffer for handling 4/8-bit RLE compressed bitmaps, the process uses the bitmap bits per pixel and number of colors values directly. A pointer is created based on the specified color depth, which can then be used to copy user supplied data into the fixed-length color data buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user.