Lucene search

K
zdiAbdulAziz Hariri - HP Zero Day InitiativeZDI-15-312
HistoryJul 14, 2015 - 12:00 a.m.

Adobe Acrobat Pro Reports Save Out-Of-Bounds Read Remote Code Execution Vulnerability

2015-07-1400:00:00
AbdulAziz Hariri - HP Zero Day Initiative
www.zerodayinitiative.com
17

EPSS

0.036

Percentile

91.8%

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Report object. Attempting to save specially crafted reports can force Adobe Acrobat Pro to read memory past the end of an allocated object. An attacker could leverage this vulnerability to execute code under the context of the current process.