Adobe Reader DC arbitrary code execution vulnerability found

Cisco Talos has made public a new vulnerability in Adobe Reader DC that, if exploited, can lead to arbitrary code execution.

Because Adobe Reader DC supports JavaScript embedded in PDF files, an attacker can potentially control memory layout precisely, and the scripting support itself creates additional attack surface.

“A specific Javascript script embedded in a PDF file can cause the document ID field to be used in an unbounded copy operation leading to stack-based buffer overflow when opening a specially crafted PDF document in Adobe Acrobat Reader DC 2018.009.20044,” Cisco reported.

The stack overflow can lead to a return address overwrite, which can result in code execution. However, to exploit this vulnerability, the target needs to open a malicious file or access a malicious webpage.

Snort Rules 45102-3 will detect exploitation attempts.
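
For file-level triage alongside the network rules, the following Python is an added example (not from Cisco Talos, Adobe or the original article) that reports the two conditions the advisory combines: embedded JavaScript and the size of the document ID field. The 64-byte threshold, the function names and the sample bytes are assumptions constructed for illustration.

```python
import re

# Assumption: 64 bytes is an arbitrary triage threshold chosen for this example;
# the advisory text above does not state a length. File identifiers are usually
# short, hash-sized strings (commonly 16 bytes each).
MAX_ID_BYTES = 64

JS_MARKERS = (b"/JavaScript", b"/JS")
ID_ARRAY = re.compile(rb"/ID\s*\[(.*?)\]", re.S)
HEX_STRING = re.compile(rb"<([0-9A-Fa-f\s]*)>")
LITERAL_STRING = re.compile(rb"\((.*?)(?<!\\)\)", re.S)


def id_lengths(pdf):
    """Return the byte length of every string found inside each /ID array."""
    lengths = []
    for array in ID_ARRAY.findall(pdf):
        for hex_body in HEX_STRING.findall(array):
            digits = re.sub(rb"\s", b"", hex_body)
            lengths.append((len(digits) + 1) // 2)  # odd trailing digit still fills a byte
        for literal in LITERAL_STRING.findall(array):
            lengths.append(len(literal))  # raw length, escapes not decoded
    return lengths


def triage(pdf):
    """Report embedded-JavaScript markers and the longest /ID string in raw PDF bytes."""
    has_js = any(marker in pdf for marker in JS_MARKERS)
    longest = max(id_lengths(pdf), default=0)
    oversized = longest > MAX_ID_BYTES
    return {"has_javascript": has_js, "longest_id_bytes": longest,
            "oversized_id": oversized, "suspicious": has_js and oversized}


# Constructed samples: trailer and action fragments only, not complete PDF files.
ORDINARY = b"trailer\n<< /Size 6 /Root 1 0 R /ID [<" + b"0f" * 16 + b"> <" + b"a3" * 16 + b">] >>"
FLAGGED = (b"5 0 obj\n<< /S /JavaScript /JS (var x = 1;) >>\nendobj\n"
           b"trailer\n<< /Size 6 /Root 1 0 R /ID [<" + b"41" * 300 + b"> <" + b"41" * 16 + b">] >>")

if __name__ == "__main__":
    for name, sample in (("ordinary", ORDINARY), ("flagged", FLAGGED)):
        print(name, triage(sample))
```

JavaScript stored in compressed object streams or written with hex-escaped names will not match the markers, so `has_javascript` being false is not proof of absence; `oversized_id` is reported separately for that reason.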