Immunity, Inc.
Name acrobat_u3d_mesh
CVE CVE-2009-3953
Exploit Pack CANVAS
Descriptionacrobat_u3d_mesh
NotesCVE Name: CVE-2009-3953
Notes:
This exploit works on Windows XP without DEP. DEP defaults to "opt-in" on Windows XP SP2/3. IE8 and modern Firefox
will opt-in to DEP, causing this exploit to fail silently.

IE7 will work by default (opt-in). Obviously, if the machine does not support DEP (older machines)
then this exploit will also work.


VersionsAffected: Acrobat Reader <=8.1.6 and <=9.1.3 (SA|IE6,7,8|FF3.0.15,5.4) NODEP!
Repeatability:
References: http://www.adobe.com/support/security/bulletins/apsb09-15.html
Date public: 10/13/2009
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2994

Learn more about the CANVAS Exploit Pack here: CANVAS