Lucene search

SAINT CorporationSAINT:C6D7B175C464FAAED01654B48ACA5121

HistoryNov 20, 2009 - 12:00 a.m.

Adobe Acrobat Reader U3D CLODMeshContinuation Code Execution

2009-11-2000:00:00

SAINT Corporation

my.saintcorporation.com

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.01

Percentile

83.7%

JSON

Added: 11/20/2009
CVE: CVE-2009-2997
BID: 36638
OSVDB: 58926

Background

Adobe Reader is free software for viewing PDF documents.

Problem

A heap memory corruption vulnerability exists in Adobe Acrobat Reader. The vulnerability is due to an input validation error while parsing Universal 3D (U3D) files with a specially crafted field in the CLODMeshDeclaration block.

Resolution

Apply one of the security patches referenced in Adobe Security Bulletin APSB09-15.

References

<http://securitytracker.com/id?1023007>

Limitations

Exploit works on Adobe Reader 9.1.

The user must open the exploit file in Adobe Reader and click on the square image box.

Platforms

Windows

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.01

Percentile

83.7%

JSON

Related for SAINT:C6D7B175C464FAAED01654B48ACA5121