Wednesday, December 7, 2011

Analyzing CVE-2011-2462 - Part One

Via (Brandon Dixon) -

Before I went to bed last night I took a look at uploaded files to PDF X-RAY in hopes that Christmas would come early (CVE-2011-2462 in my reports) and was surprised when I came across a file with /U3D references. I snatched the file off the server, opened up my snapshots to the latest 9.4 build of Adobe and ran the file. Reader crashed, and a new document was successfully opened. That was enough to stay up, so analysis started and can be found below.

Read the full analysis by Brandon @


Mila Parkour also links to Brandon's analysis and adds additional information over at Contagio.

No comments:

Post a Comment