Adobe Reader U3D Processing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader 10.1.4 on OSX. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within parsing a U3D file within a PDF. The parsing code fails to validate a value from the file used as size parameter for an allocation routine. This could lead to an integer overflow resulting in an out-of-bound index into a list of objects. This results in an attacker being able to specify an arbitrary value for a function pointer, which leads to the execution of arbitrary code.