This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:STC:DL:PDF-U3D-CLOD
|
Severity |
Major
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
HTTP
|
Keywords |
Adobe Reader U3D CLODMeshDeclaration Shading Count Buffer Overflow
|
Release Date |
2010/10/25
|
Update Number |
1798
|
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: Adobe Reader U3D CLODMeshDeclaration Shading Count Buffer Overflow
This signature detects attempts to exploit a known buffer overflow vulnerability in Adobe Acrobat Reader. It is due to an integer overflow when processing the "Shading Count" field in the CLOD Mesh Declaration block. This can be exploited by remote attackers to execute arbitrary code on the system by enticing a user to open a maliciously crafted PDF document. In a successful attack, the injected code runs within the security context of the currently logged in user. In an unsuccessful attack, the affected application can terminate abnormally leading to a denial-of-service condition.
Extended Description
Adobe Acrobat and Reader are prone to a heap-based buffer-overflow vulnerability because they fail to properly validate user-supplied input.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial of service.
The following products are affected:
Adobe Reader 9.3.1 and prior for Windows, Macintosh, and UNIX
Adobe Acrobat 9.3.1 and prior for Windows and Macintosh
Adobe Reader 8.2.1 and prior for Windows and Macintosh
Acrobat 8.2.1 and prior for Windows and Macintosh
Note: This vulnerability was previously documented in BID 39329 (Adobe Acrobat and Reader April 2010 Multiple Remote Vulnerabilities) but has been given its own record to better document the issue.
Affected Products
- Adobe acrobat 9.1.1
- Adobe acrobat 9.2
- Adobe acrobat 9.3
- Adobe acrobat 9.3.1
- Adobe acrobat_professional 8.0
- Adobe acrobat_professional 8.1
- Adobe acrobat_professional 8.1.1
- Adobe acrobat_professional 8.1.2
- Adobe acrobat_professional 8.1.2 Security Update 1
- Adobe acrobat_professional 8.1.3
- Adobe acrobat_professional 8.1.4
- Adobe acrobat_professional 8.1.6
- Adobe acrobat_professional 8.1.7
- Adobe acrobat_professional 8.2
- Adobe acrobat_professional 8.2.1
- Adobe acrobat_professional 9.3
- Adobe acrobat_professional 9.3.1
- Adobe acrobat_standard 8.0
- Adobe acrobat_standard 8.1
- Adobe acrobat_standard 8.1.1
- Adobe acrobat_standard 8.1.2
- Adobe acrobat_standard 8.1.3
- Adobe acrobat_standard 8.1.4
- Adobe acrobat_standard 8.1.6
- Adobe acrobat_standard 8.1.7
- Adobe acrobat_standard 8.2
- Adobe acrobat_standard 8.2.1
- Adobe acrobat_standard 9
- Adobe acrobat_standard 9.1
- Adobe acrobat_standard 9.1.2
- Adobe acrobat_standard 9.1.3
- Adobe acrobat_standard 9.2
- Adobe acrobat_standard 9.3
- Adobe acrobat_standard 9.3.1
- Adobe reader 8.0
- Adobe reader 8.1
- Adobe reader 8.1.1
- Adobe reader 8.1.2
- Adobe reader 8.1.2 Security Update 1
- Adobe reader 8.1.3
- Adobe reader 8.1.4
- Adobe reader 8.1.5
- Adobe reader 8.1.6
- Adobe reader 8.1.7
- Adobe reader 8.2
- Adobe reader 8.2.1
- Adobe reader 9
- Adobe reader 9.1
- Adobe reader 9.1.1
- Adobe reader 9.1.2
- Adobe reader 9.1.3
- Adobe reader 9.2
- Adobe reader 9.3
- Adobe reader 9.3.1
- Gentoo linux
- Red_hat desktop_extras 4
- Red_hat enterprise_linux_as_extras 4
- Red_hat enterprise_linux_desktop_supplementary 5 Client
- Red_hat enterprise_linux_es_extras 4
- Red_hat enterprise_linux_extras 4
- Red_hat enterprise_linux_supplementary 5 Server
- Red_hat enterprise_linux_ws_extras 4
- Suse opensuse 11.0
- Suse opensuse 11.1
- Suse opensuse 11.2
- Suse suse_linux_enterprise_desktop 10 SP2
- Suse suse_linux_enterprise_desktop 10 SP3
- Suse suse_linux_enterprise_desktop 11
References