Adobe Reader DC U3D Out-Of-Bounds Read Information Disclosure Vulnerability

2016-05-10T00:00:00
ID ZDI-16-319
Type zdi
Reporter kdot
Modified 2016-11-09T00:00:00

Description

This vulnerability allows an attacker to leak sensitive information on vulnerable installations of Adobe Reader DC. Exploitation requires user interaction: the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of U3D files. The code fails to ensure that user-supplied input is within the bounds of an allocated buffer, and an attacker can leverage the resulting out-of-bounds read to disclose the contents of adjacent memory.