Lucene search

zdiPeter Vreugdenhil ( )ZDI-11-072
HistoryFeb 08, 2011 - 12:00 a.m.

Adobe Reader BMP ColorData Remote Code Execution Vulnerability

Peter Vreugdenhil ( )





This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the Bitmap parsing component of rt3d.dll. When allocating a destination buffer for handling 4/8-bit RLE compressed bitmaps, the process uses the bitmap bits per pixel and number of colors values directly. A pointer is created based on the specified color depth, which can then be used to copy user supplied data into the fixed-length color data buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user.