多款Adobe产品缓冲区错误漏洞

Adobe Acrobat is a set of PDF file editing and conversion tools. The software is used to print, sign and annotate PDFs.Several Adobe products are vulnerable to an out-of-bounds reading vulnerability, which stems from a boundary error when processing PDF files. A remote attacker could use the...

多款Adobe产品资源管理错误漏洞

Adobe Acrobat is a set of PDF file editing and conversion tools. Adobe Acrobat Reader is a PDF viewer. The software is used to print, sign and annotate PDFs. Adobe Acrobat and Adobe Acrobat Reader are vulnerable to resource management errors, which remote attackers use to trick victims into openi...

多款Adobe产品缓冲区错误漏洞

Adobe Acrobat is a set of PDF file editing and conversion tools. The software is used to print, sign and annotate PDFs.Several Adobe products are vulnerable to an out-of-bounds reading vulnerability, which stems from a boundary error when processing PDF files. A remote attacker could use the...

CVE-2022-22633

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution...

The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2020 are related to reading beyond the buffer in memory, allowing attackers to execute arbitrary code.

The vulnerability of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, Adobe Acrobat 2020, and Adobe Acrobat Reader 2020 is related to reading data beyond the buffer in memory. Exploiting this...

IOC Scraper - A Fast And Reliable Service That Enables You To Extract IOCs And Intelligence From Different Data Sources

IOC Scraper utilises IOCPARSER service to fetch IOCs from different vendor Blogs, PDFs, and CSV files. Parsing IOCs is time-consuming process, using current script one can automatically extract and aggregate IOCs easily. Features Defanged IOCs : Supports extracting and defanging IOCs. Whitelist...

Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables

By Asheer Malhotra and Vitor Ventura. Cisco Talos has observed a new campaign targeting Turkish private organizations alongside governmental institutions. Talos attributes this campaign with high confidence to MuddyWater — an APT group recently attributed to Iran's Ministry of Intelligence and...

CVE-2022-24196

iText v7.1.17, up to exluding": 7.1.18 and 7.2.2 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service DoS via a crafted PDF file...

Researchers Uncover New Iranian Hacking Campaign Targeting Turkish Users

Details have emerged about a previously undocumented malware campaign undertaken by the Iranian MuddyWater advanced persistent threat APT group targeting Turkish private organizations and governmental institutions. "This campaign utilizes malicious PDFs, XLS files and Windows executables to deplo...

Adobe Acrobat and Reader 资源管理错误漏洞

Adobe Reader also known as Acrobat Reader is a PDF file reader software developed by Adobe. Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Acrobat/Reader has a resource management error vulnerability, which can be exploited by remote attackers to Creating specially crafted PDF...

CVE-2021-44001

A vulnerability has been identified in JT2Go All versions V13.2.0.5, Teamcenter Visualization All versions V13.2.0.5. The DL180pdfl.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted PDF files. This could allow an attacker to execute code in...

Autodesk Navisworks 缓冲区错误漏洞

Autodesk Navisworks, a 3D model review software for architecture, engineering and construction, is vulnerable to an out-of-bounds read vulnerability in Autodesk Navisworks versions 2019, 2020, 2021, 2022. An attacker can exploit the vulnerability to execute arbitrary code via specially crafted PD...

CVE-2021-30786

A race condition was addressed with improved state handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution...

US Media, Retailers Targeted by New SparklingGoblin APT

An emerging international cybergang is broadening its targets to include North American media firms, universities and one computer retailer. The advanced persistent threat APT group is new, according to researchers who dubbed it SparklingGoblin. Also new is a novel backdoor technique, called...

USN-5026-2 qpdf vulnerabilities

USN-5026-1 fixed several vulnerabilities in QPDF. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to consume resources,...

Vulnerabilities fixed in Foxit Reader

Vulnerabilities have been fixed in Foxit PDF Reader and PDF Editor. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Data manipulation. Remote code execution User Rights To exploit these...

The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, are caused by buffer overflows in the “heap,” allowing attackers to execute arbitrary code.

The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, are due to buffer overflow attacks. Exploiting these vulnerabilities allows an attacker to execute arbitrary code within the...

Autodesk Design Review 安全漏洞

Autodesk Design Review ADR is a suite of AutoCAD drafting software support software from Autodesk, Inc. The software supports viewing, marking, measuring, printing, and tracking changes to 2D and 3D design files.Autodesk Design Review is vulnerable to a type obfuscation vulnerability that could b...

Malicious PDFs Flood the Web, Lead to Password-Snarfing

The pushers behind the SolarMarker backdoor malware are flooding the web with PDFs stuffed with keywords and links that redirect to the password-stealing, credential-snarfing malware. Microsoft Security Intelligence said in a Tweet on Friday that the SolarMarker also known as Jupyter makers are...

Falsifying and weaponizing certified PDFs

The Portable Document Format PDF file type is one of the most common file formats in use today. Its value comes from the fact that PDFs always print the same way, and that PDFs are supposed to be read-only unlike a Word document, say, which is designed to be easy to edit. This immutability can be...