Lucene search
AbdulAziz Hariri of Haboob SAZDI-23-1108HistoryAug 15, 2023 - 12:00 a.m.
(Pwn2Own) Adobe Acrobat Reader DC Net.HTTP.request Exposed Dangerous Method Sandbox Escape
2023-08-1500:00:00
AbdulAziz Hariri of Haboob SA
www.zerodayinitiative.com
8
vulnerability
remote attackers
sandbox escape
adobe acrobat reader dc
net.http.request
mini-browser session
0.006 Low
EPSS
Percentile
79.2%
This vulnerability allows remote attackers to escape the sandbox on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Net.HTTP.request method. The component exposes an undocumented verb that allows an attacker to open a mini-browser session. An attacker can leverage this vulnerability to escape the sandbox and execute arbitrary code in the context of the current process.
Related
cve
cve
CVE-2023-26405
2023-04-12 21:15:20
cvelist
cvelist
nvd
nvd
CVE-2023-26405
2023-04-12 21:15:20
zdi
zdi
prion
prion
Input validation
2023-04-12 21:15:00
openvas
openvas
Adobe Reader Classic 2020 Security Update (APSB23-24) - Mac OS X
2023-04-14 00:00:00
Adobe Acrobat Classic 2020 Security Update (APSB23-24) - Mac OS X
2023-04-14 00:00:00
Adobe Reader Classic 2020 Security Update (APSB23-24) - Windows
2023-04-14 00:00:00
nessus
nessus
kaspersky
kaspersky
KLA48835 Multiple vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader
2023-04-11 00:00:00
adobe
adobe
APSB23-24 : Security update available for Adobe Acrobat and Reader
2023-04-11 00:00:00