1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. MSIE Adobe U3DFile ArrayIndex BO

MSIE Adobe U3DFile ArrayIndex BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature will detect attempts to exploit a remote code-execution vulnerability in Adobe Reader.

Additional Information

Adobe Reader and Acrobat are applications for handling PDF files.

The software is prone to a remote code-execution vulnerability because it fails to properly validate user-supplied input. This problem occurs when parsing a file index value from a U3D 'CLODProgressiveMeshContinuation' block (blocktype: 0xFFFFFF3C) embedded in a PDF file. This can result in a user-supplied value being used as a function pointer.

An attacker can exploit this issue to execute arbitrary code. Failed exploit attempts will likely cause denial-of-service conditions.

This issue was previously covered in BID 36638 (Adobe Reader and Acrobat October 2009 Multiple Remote Vulnerabilities), but has been given its own record to better document it.

Response

Updates are available. Please see the references for details.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube