Lucene search

K
zdiMatt Molinyawe - HP Zero Day InitiativeZDI-15-510
HistoryOct 13, 2015 - 12:00 a.m.

Adobe Acrobat Reader DC ANAuthenticateResource Javascript API Restrictions Bypass Vulnerability

2015-10-1300:00:00
Matt Molinyawe - HP Zero Day Initiative
www.zerodayinitiative.com
14

EPSS

0.017

Percentile

87.7%

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ANAuthenticateResource method. By creating a specially crafted PDF with specific Javascript instructions, it is possible to bypass the Javascript API restrictions. A remote attacker could exploit this vulnerability to execute arbitrary code.

EPSS

0.017

Percentile

87.7%