Signature Detail

HTTP: Adobe Reader U3D ShadingModifierBlock Remote Code Execution

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.

Extended Description

Adobe Acrobat and Reader are prone to a remote memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

Affected Products

• Adobe acrobat 10.0
• Adobe acrobat 10.0.1
• Adobe acrobat 10.0.2
• Adobe acrobat 10.0.3
• Adobe acrobat 10.1
• Adobe acrobat 10.1.1
• Adobe acrobat 9
• Adobe acrobat 9.1.1
• Adobe acrobat 9.2
• Adobe acrobat 9.3
• Adobe acrobat 9.3.1
• Adobe acrobat 9.3.2
• Adobe acrobat 9.3.3
• Adobe acrobat 9.3.3
• Adobe acrobat 9.3.4
• Adobe acrobat 9.3.4
• Adobe acrobat 9.4
• Adobe acrobat 9.4.1
• Adobe acrobat 9.4.2
• Adobe acrobat 9.4.3
• Adobe acrobat 9.4.4
• Adobe acrobat 9.4.5
• Adobe acrobat 9.4.6
• Adobe acrobat_professional 10.0
• Adobe acrobat_professional 10.0.1
• Adobe acrobat_professional 10.0.2
• Adobe acrobat_professional 10.0.3
• Adobe acrobat_professional 10.1
• Adobe acrobat_professional 10.1.1
• Adobe acrobat_professional 9.1
• Adobe acrobat_professional 9.1.2
• Adobe acrobat_professional 9.1.3
• Adobe acrobat_professional 9.2
• Adobe acrobat_professional 9.3
• Adobe acrobat_professional 9.3.1
• Adobe acrobat_professional 9.3.2
• Adobe acrobat_professional 9.3.3
• Adobe acrobat_professional 9.3.4
• Adobe acrobat_professional 9.4
• Adobe acrobat_professional 9.4.1
• Adobe acrobat_professional 9.4.2
• Adobe acrobat_professional 9.4.3
• Adobe acrobat_professional 9.4.4
• Adobe acrobat_professional 9.4.5
• Adobe acrobat_professional 9.4.6
• Adobe acrobat_standard 10.0.1
• Adobe acrobat_standard 10.0.2
• Adobe acrobat_standard 10.0.3
• Adobe acrobat_standard 10.1
• Adobe acrobat_standard 10.1.1
• Adobe acrobat_standard 9.1
• Adobe acrobat_standard 9.1.2
• Adobe acrobat_standard 9.1.3
• Adobe acrobat_standard 9.2
• Adobe acrobat_standard 9.3
• Adobe acrobat_standard 9.3.1
• Adobe acrobat_standard 9.3.2
• Adobe acrobat_standard 9.3.3
• Adobe acrobat_standard 9.3.4
• Adobe acrobat_standard 9.3.4
• Adobe acrobat_standard 9.4
• Adobe acrobat_standard 9.4.1
• Adobe acrobat_standard 9.4.2
• Adobe acrobat_standard 9.4.3
• Adobe acrobat_standard 9.4.4
• Adobe acrobat_standard 9.4.5
• Adobe acrobat_standard 9.4.6
• Adobe reader 10.0
• Adobe reader 10.0.1
• Adobe reader 10.0.2
• Adobe reader 10.0.3
• Adobe reader 10.1
• Adobe reader 10.1.1
• Adobe reader 9
• Adobe reader 9.1
• Adobe reader 9.1.1
• Adobe reader 9.1.2
• Adobe reader 9.1.3
• Adobe reader 9.2
• Adobe reader 9.3
• Adobe reader 9.3.1
• Adobe reader 9.3.2
• Adobe reader 9.3.3
• Adobe reader 9.3.4
• Adobe reader 9.3.4
• Adobe reader 9.4
• Adobe reader 9.4.1
• Adobe reader 9.4.2
• Adobe reader 9.4.3
• Adobe reader 9.4.4
• Adobe reader 9.4.5
• Adobe reader 9.4.6
• Gentoo linux
• Red_hat desktop_extras 4
• Red_hat enterprise_linux_as_extras 4
• Red_hat enterprise_linux_desktop_supplementary 5 Client
• Red_hat enterprise_linux_desktop_supplementary 6
• Red_hat enterprise_linux_es_extras 4
• Red_hat enterprise_linux_extras 4
• Red_hat enterprise_linux_server_supplementary 6
• Red_hat enterprise_linux_supplementary 5 Server
• Red_hat enterprise_linux_workstation_supplementary 6
• Red_hat enterprise_linux_ws_extras 4
• Suse opensuse 11.3
• Suse opensuse 11.4
• Suse suse_linux_enterprise_desktop 10 SP4
• Suse suse_linux_enterprise_desktop 11 SP1

References

• BugTraq: 50922
• CVE: CVE-2011-2462
• URL: http://www.adobe.com/support/security/advisories/apsa11-04.html
• URL: http://blog.9bplus.com/analyzing-cve-2011-2462
• URL: https://sites.google.com/site/felipeandresmanzano/PDFU3DExploitJS_CVE_2009_2990.py?attredirects=0
• URL: http://contagiodump.blogspot.com/2011/12/adobe-zero-day-cve-2011-2462.html