The host is installed with Adobe Reader 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 and is prone to arbitrary code execution vulnerability. A flaw is present in U3D component, which fails to properly validate Parent Node count that calculates the size of an allocation. The result of this size calculation can be wrapped to an unexpectedly small and insufficient value causing buffer-out-of-bound condition. Successful exploitation allows remote attackers to execute arbitrary code under the context of the application.