Lucene search

K
zdtPier-Luc Maltais1337DAY-ID-26002
HistoryMay 10, 2016 - 12:00 a.m.

Adobe Reader DC 15.010.20060 - Memory Corruption

2016-05-1000:00:00
Pier-Luc Maltais
0day.today
22

0.696 Medium

EPSS

Percentile

97.7%

Exploit for multiple platform in category dos / poc

########################################################################################
   
# Title: Adobe Reader DC <= 15.010.20060 - Memory corruption
# Application: Adobe Reader DC
# Version: 15.010.20060 and earlier versions
# Platform: Windows and Macintosh
# Software Link: https://acrobat.adobe.com/ca/fr/acrobat/pdf-reader.html
# Date: May 10, 2016
# CVE: CVE-2016-1077
# Author: Pier-Luc Maltais from COSIG
# Contact: https://twitter.com/COSIG_
# Personal contact: https://twitter.com/plmaltais
   
########################################################################################
   
===================
Introduction:
===================
 More powerful than other PDF software, Adobe Acrobat Reader DC is the free, trusted 
 standard for viewing, printing and annotating PDFs. And now, it’s connected to Adobe 
 Document Cloud β€” so it’s easier than ever to work with PDFs on computers and mobile 
 devices. (https://acrobat.adobe.com/ca/en/acrobat/pdf-reader.html)
  
########################################################################################
   
===================
Report Timeline:
===================
 2016-02-04: Pier-Luc Maltais from COSIG found the issue and report it to Adobe PSIRT.
 2016-05-10: Vendor fixed the issue (APSB16-14).
 2016-03-08: Release of this advisory.
  
########################################################################################
   
===================
Technical details:
===================
 A memory corruption occurs when Adobe Reader DC handle a specially crafted image 
 XObject, which could lead to remote code execution.
   
########################################################################################
   
==========
POC:
==========
https://plmsecurity.net/sites/plmsecurity.net/files/APSB16-14_PoC.pdf
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39799.zip
   
########################################################################################

#  0day.today [2018-03-19]  #