Arbitrary code execution vulnerability in Adobe Reader before 9.4.2 (Linux)ID: oval:org.secpod.oval:def:368 | Date: (C)2011-03-11 (M)2022-10-10 |
Class: VULNERABILITY | Family: unix |
The host is installed with Adobe Reader and is prone to arbitrary code execution vulnerability. A flaw is present in the U3D component in Adobe Reader before 9.4.2, where the application uses the Parent Node count to calculate the size of an allocation and the value is not properly validated and the result of this size calculation can be wrapped to an unexpectedly small and insufficient value., writes to this newly allocated buffer can be outside the bounds of its allocation. Successful exploitation allows remote attacker to execute arbitrary code under the context of the application.