Adobe Reader and Acrobat U3D Shading Modifier Memory Corruption (APSA11-04; CVE-2011-2462)
| Check Point Reference: | CPAI-2011-565 | |
| Date Published: | ||
| Severity: | ||
| Source: | Adobe Security Advisory APSA11-04 | |
| Industry Reference(s): | CVE-2011-2462 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh Adobe Reader 9.4.6 and earlier 9.x versions for Windows, Macintosh and UNIX Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh Adobe Acrobat 9.4.6 and earlier 9.x versions for Windows and Macintosh | ||
| Vulnerability Description A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. |
||
|
Update/Patch Available Adobe has released an advisory to address this vulnerability |
|
|
Vulnerability Details The vulnerability is due to an error in the way Adobe Reader and Acrobat parse PDF files containing a U3D image stream. A remote attacker could trigger this issue by enticing a user to open a specially crafted PDF file using a vulnerable version of the products. Successful exploitation will result in a denial of service condition, causing the application to become non-responsive, and may allow arbitrary code execution. |
Protection Overview
This protection will detect and block attempts to transfer malformed PDF files over HTTP.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.