HTTP: Adobe Acrobat Reader U3D CLODMeshContinuation Code Execution
This signature detects attempts to exploit a known vulnerability against Adobe Acrobat Reader U3D. A successful attack can lead to arbitrary code execution.
Extended Description
Adobe Reader and Acrobat are prone to a heap-based memory-corruption vulnerability. Successfully exploiting this issue may allow attackers to execute arbitrary code within the context of the affected applications. Failed exploit attempts will result in a denial-of-service condition. This issue affects versions *prior to* Reader and Acrobat 7.1.4, 8.1.7, and 9.2. This issue was previously covered in BID 36638 (Adobe Reader and Acrobat October 2009 Multiple Remote Vulnerabilities), but has been given its own record to better document it.
Affected Products
Red_hat enterprise_linux_as_extras
Short Name
HTTP:STC:ADOBE:PDF-U3D-CLOD
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Acrobat Adobe CLODMeshContinuation CVE-2009-2990 CVE-2009-2997 Code Execution Reader U3D bid:36671
Release Date
10/13/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Red_hat
Sun
Adobe
Suse
Gentoo
CVSS Score
9.3