Adobe Acrobat Reader DC JavaScript submitForm heap buffer overflow redux


### Summary

Specific JavaScript code embedded in a PDF file can lead to out-of-bounds memory access when the document is opened in Adobe Acrobat Reader DC, version 2020.012.20043. With careful memory manipulation, this can lead to the disclosure of sensitive information, as well as memory corruption, which can lead to arbitrary code execution. To trigger this vulnerability, the victim would need to open the malicious file or access a malicious web page.

### Tested Versions

Adobe Acrobat Reader 2020.012.20043

### Product URLs

<https://acrobat.adobe.com/us/en/acrobat/pdf-reader.html>

### CVSSv3 Score

8.8 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

### CWE

CWE-122 - Heap-based Buffer Overflow

### Details

Adobe Acrobat Reader is one of the most popular and feature-rich PDF readers on the market. It has a large user base and is usually a default PDF reader on systems. It also integrates into web browsers as a plugin for rendering PDFs. As such, tricking a user into visiting a malicious web page or sending a specially crafted email attachment can be enough to trigger this vulnerability.

Adobe Acrobat Reader DC supports JavaScript code embedded in the PDF to allow for interactive PDF forms. This gives a potential attacker the ability to precisely control memory layout and provides additional attack surface.

When testing a newer version of Adobe Acrobat Reader, we found that a previously patched vulnerability could be reproduced again. Namely, a heap buffer overflow vulnerability, TALOS-2020-1031, was disclosed to Adobe and patched in an update on the fifth of April. Details of the vulnerability remain the same.

### Timeline

- 2020-09-24 - Vendor Disclosure
- 2020-11-05 - Public Release