Brief analysis of the Adobe vulnerability

We have published a Security Advisory for Adobe Reader and Acrobat informing users about a vulnerability in Adobe Acrobat and Adobe Reader that is currently being actively exploited.

The vulnerability in the U3D component allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.

A specially crafted PDF file that contains a 3D image can trigger the vulnerability. When the reader encounters the 3D object, it tries to process the data in order to render it. Because of a software bug, this processing produces an overflow that crashes the program and creates the attack vector.

The assembler code above shows the code that is affected by the memory corruption. Basically, instead of simply terminating the reader process, opening a specially crafted PDF document allows an attacker to perform other actions, usually malicious ones.
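Because the bug is only reachable when the reader parses a 3D object, a defender can triage PDFs by checking whether they carry 3D content at all. The following is an added example, not code from the original post or from Avira: it looks for the PDF specification's 3D annotation and U3D stream markers, including ones written with `#xx` name escapes or tucked inside Flate-compressed object streams; the function names and the sample bytes are constructed for illustration.

```python
import re
import zlib

# PDF names may hex-escape any character as #xx, so /#33D is the same name as /3D.
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
STREAM = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)
U3D_MAGIC = b"U3D\x00"  # first bytes of a U3D file (ECMA-363 file header block)
MARKERS = {
    "3d_annotation": re.compile(rb"/Subtype\s*/3D\b"),  # annotation that embeds 3D art
    "u3d_stream": re.compile(rb"/Subtype\s*/U3D\b"),    # 3D stream declared as U3D
}


def find_3d_content(pdf_bytes):
    """Return the sorted names of the 3D indicators present in a PDF's bytes."""
    hits = set()
    chunks = [pdf_bytes]
    for match in STREAM.finditer(pdf_bytes):
        body = match.group(1)
        try:
            # Object streams can hide dictionaries from a plain byte search.
            body = zlib.decompressobj().decompress(body)
            chunks.append(body)
        except zlib.error:
            pass  # not Flate data; the raw bytes are already in chunks[0]
        if body.startswith(U3D_MAGIC):
            hits.add("u3d_payload")
    for chunk in chunks:
        text = HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), chunk)
        hits.update(name for name, rx in MARKERS.items() if rx.search(text))
    return sorted(hits)


def constructed_sample():
    """Constructed test input: a PDF-like byte string, not a working document."""
    hidden = zlib.compress(b"<< /Type /Annot /Subtype /#33D /3DD 7 0 R >>")
    return (b"%PDF-1.7\n1 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
            + hidden + b"\nendstream\nendobj\n"
            + b"7 0 obj\n<< /Type /3D /Subtype /U3D >>\nstream\n"
            + U3D_MAGIC + b"\x00" * 8 + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    print(find_3d_content(constructed_sample()))
```

A hit means only that the file reaches the reader's 3D parser, so it is a reason to route the document to a scanner or sandbox rather than proof of an exploit.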

According to NIST, the base score of the vulnerability is HIGH, which means it is extremely dangerous because it allows unauthorized disclosure of information and unauthorized modification.

For users who are worried about their safety, we recommend considering one of several free PDF reader alternatives to Adobe, like Foxit, Nitro PDF and Sumatra PDF.

Starting with engine version 8.2.6.134, released on December 8th 2011, all Avira software detects this exploit as EXP/CVE-2011-2462.

Sorin Mustaca

Data Security Expert