The Latest in IT Security

Brief analysis of the Adobe vulnerability

09 Dec 2011

We have published the Security Advisory for Adobe Reader and Acrobat, informing users about the vulnerability found in Adobe Acrobat and Adobe Reader, which is currently being actively exploited.

The vulnerability in the U3D component allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.

A specially crafted PDF file that contains a 3D image can trigger the vulnerability. When the reader encounters the 3D object, it tries to process the data in order to render it. Because of a software bug, this processing produces an overflow, which crashes the program and creates the attack vector.

The assembler code above shows the code that is affected by the memory corruption. Basically, instead of simply terminating the reader process, opening a specially crafted PDF document allows an attacker to perform other actions, usually malicious ones.

According to NIST, the base score of the vulnerability is HIGH, which means it is extremely dangerous because it allows unauthorized disclosure of information and unauthorized modification.
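Because the trigger is a PDF that carries a 3D object, a mail gateway or file share can be triaged by flagging every PDF that contains 3D content at all. The following is an added example, not code from the original post or from Avira: it looks for the names the PDF specification uses for 3D annotations and U3D streams, decodes `#XX` name escapes, and also looks inside Flate-compressed streams. The function names and sample fragments are constructed for illustration, and a hit means "contains 3D content", not "contains the exploit".

```python
import re
import zlib

# Names the PDF specification uses for 3D content: /Subtype /3D (annotation),
# /Subtype /U3D (3D stream format), /3DD (annotation key for the 3D data).
MARKERS = {b"/3D", b"/U3D", b"/3DD"}
# PDF names may hide characters as #XX hex escapes, e.g. /U#33D is /U3D.
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
NAME = re.compile(rb"/[^\s\x00/<>\[\]()%{}]+")
STREAM = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)


def _unescape(match):
    return bytes([int(match.group(1), 16)])


def names(data: bytes) -> set:
    """Return every PDF name token in data with #XX escapes decoded."""
    return {HEX_ESCAPE.sub(_unescape, tok) for tok in NAME.findall(data)}


def find_3d_markers(pdf: bytes) -> set:
    """Return 3D-related names seen in the raw bytes or inside Flate streams
    (compressed object streams can hide the dictionaries from a plain grep)."""
    found = names(pdf) & MARKERS
    for m in STREAM.finditer(pdf):
        try:
            # decompressobj tolerates a trimmed trailer, unlike zlib.decompress
            inflated = zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not Flate data (other filter, encrypted, or raw)
        found |= names(inflated) & MARKERS
    return found


# Constructed sample inputs (minimal fragments, not complete or malicious PDFs).
PLAIN = (b"%PDF-1.7\n1 0 obj\n<< /Type /Annot /Subtype /3D /3DD 2 0 R >>\nendobj\n"
         b"2 0 obj\n<< /Type /3D /Subtype /U3D /Length 4 >>\nstream\nU3D\x00\n"
         b"endstream\nendobj\n")
ESCAPED = b"1 0 obj\n<< /Type /Annot /Subtype /#33D /3#44D 2 0 R >>\nendobj\n"
OBJSTM = (b"1 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
          + zlib.compress(b"<< /Type /3D /Subtype /U#33D >>") + b"\nendstream\nendobj\n")
CLEAN = b"1 0 obj\n<< /Type /Page /MediaBox [0 0 612 792] >>\nendobj\n"

if __name__ == "__main__":
    for label, sample in [("plain", PLAIN), ("escaped", ESCAPED),
                          ("objstm", OBJSTM), ("clean", CLEAN)]:
        print(label, sorted(find_3d_markers(sample)))
```

Encrypted documents and streams using filters other than Flate are not inspected by this sketch, so an empty result on such a file should be treated as "unknown" rather than "clean".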

For users who are worried about their safety, we recommend considering one of the several free PDF reader alternatives to Adobe, such as Foxit, Nitro PDF and Sumatra PDF.

Starting with engine version 8.2.6.134, released on December 8th 2011, all Avira software detects this exploit as EXP/CVE-2011-2462.

Sorin Mustaca

Data Security Expert
