Lucene search

K
zdiMatt Molinyawe and Jasiel Spelman of HP Zero Day InitiativeZDI-15-499
HistoryOct 13, 2015 - 12:00 a.m.

Adobe Acrobat Reader DC DynamicAnnotStore Javascript API Restrictions Bypass Vulnerability

2015-10-1300:00:00
Matt Molinyawe and Jasiel Spelman of HP Zero Day Initiative
www.zerodayinitiative.com
8

EPSS

0.017

Percentile

87.7%

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the DynamicAnnotStore method. By creating a specially crafted PDF with specific Javascript instructions, it is possible to bypass the Javascript API restrictions. A remote attacker could exploit this vulnerability to execute arbitrary code.

EPSS

0.017

Percentile

87.7%