Adobe Reader Read Restrictions Bypass Sandbox Escape Vulnerability

2015-10-13T00:00:00
ID ZDI-15-468
Type zdi
Reporter AbdulAziz Hariri and Jasiel Spelman of HP Zero Day Initiative
Modified 2015-11-09T00:00:00

Description

This vulnerability allows local attackers to disclose arbitrary PDF files on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within Acrobat Reader printing. An attacker running code in the context of a sandboxed Adobe Reader process can print arbitrary PDF files on remote printers.