A memory corruption flaw exists in Adobe Reader and Acrobat . The program fails to sanitize user-supplied input when handling U3D data, resulting in memory corruption. With a specially crafted PDF file, a context-dependent attacker can execute arbitrary code.

Upgrade to version 9.4.6 or higher, as it has been reported to fix this vulnerability. It is also possible to temporarily work around the flaw by implementing the following workaround: Run in protected mode for Adobe Reader / Acrobat X.

• OVAL ID: 14562
• Exploit Database: 18366
• CVE ID: 2011-2462 (see also: NVD)
• Secunia Advisory ID: 47133 47510 47614 47680
• Bugtraq ID: 50922
• Metasploit ID: 77529
• Vendor Specific Advisory URL: http://blogs.adobe.com/asset/2011/12/background-on-cve-2011-2462.html
  http://www.adobe.com/support/security/advisories/apsa11-04.html
• Mail List Post: http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html
  http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html
• Vendor Specific News/Changelog Entry: http://lists.opensuse.org/opensuse-updates/2012-01/msg00030.html
  http://www.adobe.com/support/security/bulletins/apsb11-30.html
  http://www.adobe.com/support/security/bulletins/apsb12-01.html
  http://www.gentoo.org/security/en/glsa/glsa-201201-19.xml
• News Article: http://www.computerworld.com/s/article/9222454/Hackers_exploit_Adobe_Reader_zero_day_may_be_targeting_defense_contractors
• Other Advisory URL: http://www.virustotal.com/file-scan/report.html?id=036e049c625a2c3fc5f434d0784a2a215fbde7a90c561db731ba598509860a0c-1323339076
• RedHat RHSA: RHSA-2012:0011

• Lockheed Martin CIRT - Lockheed Martin CIRT
• Anonymous - Defense Security Information Exchange