
Patched Acrobat Reader heap overflow flaw could result in remote code execution

January 25, 2017

One of the vulnerabilities patched in Adobe Systems' most recent software update was a flaw in the JPEG decoder and parser of Adobe Acrobat Reader, which could have been exploited to execute code remotely, Cisco's Talos threat intelligence division

According to a Talos security advisory posted last week, the specific flaw is a use-of-uninitialized-memory vulnerability that results in a heap-based buffer overflow, which can in turn be abused using a specially crafted PDF file with an embedded JPEG. Users can fall victim to the bug by visiting a malicious web page or opening a malicious email attachment.

Patched earlier this month, the bug in the JPEG decoder was discovered by Talos researcher Aleksandar Nikolic. Officially designated as CVE-2017-2971, the vulnerability "can result in the use of two 4 byte integer values which are previously uninitialized," the advisory explains. "The use of these two uninitialized variables leads to further process corruptions..."

As with previous Reader exploits, "the heap can be groomed in a specific way so that the uninitialized memory falls under attackers' control, which could then end up controlling the heap buffer overflow size directly," Talos continues in its advisory. "With further heap layout control this can lead to successful exploitation and remote code execution."
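The bug class the advisory describes, shown as an added C example that is not code from the article, Talos or Adobe: two 4-byte size fields are read without ever being set, so whatever the recycled heap chunk last held decides the copy length. The struct, segment tags, buffer capacity and `parse` function are hypothetical, and the `hardened` path shows the three checks that close the gap.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical decoder state; names and tags are constructed for this example. */
struct jpeg_state { uint32_t width, height; };   /* the two 4-byte integers */
#define SEG_FRAME 0xC0u   /* segment that carries width and height */
#define SEG_SCAN  0xDAu   /* segment that triggers the copy into the output buffer */
#define OUT_CAP   64u     /* capacity of the fixed heap output buffer */

/* Computes the byte count the scan step would copy into an OUT_CAP-byte buffer.
 * Returns 0 and sets *copy_len, or -1 if the input is rejected.
 * `st` models a recycled heap chunk, so its previous contents persist. */
int parse(struct jpeg_state *st, const uint8_t *in, size_t n,
          int hardened, uint64_t *copy_len)
{
    int have_frame = 0;
    if (hardened) memset(st, 0, sizeof *st);        /* fix 1: initialise the state */
    for (size_t i = 0; i < n; ) {
        uint8_t tag = in[i++];
        if (tag == SEG_FRAME) {
            if (n - i < 2) return -1;               /* truncated frame header */
            st->width = in[i]; st->height = in[i + 1];
            i += 2; have_frame = 1;
        } else if (tag == SEG_SCAN) {
            if (hardened && !have_frame) return -1; /* fix 2: sizes must have been set */
            *copy_len = (uint64_t)st->width * st->height;
            if (hardened && *copy_len > OUT_CAP) return -1; /* fix 3: bound the copy */
            return 0;                               /* weak path: size never checked */
        } else return -1;                           /* unknown segment */
    }
    return -1;                                      /* no scan segment found */
}

int main(void)
{
    const uint8_t scan_only[] = { SEG_SCAN };       /* constructed input: no frame header */
    for (int hardened = 0; hardened <= 1; hardened++) {
        struct jpeg_state st; uint64_t len = 0;
        memset(&st, 0x41, sizeof st);               /* constructed stale chunk contents */
        int rc = parse(&st, scan_only, sizeof scan_only, hardened, &len);
        printf("hardened=%d rc=%d copy_len=%llu (cap %u)\n",
               hardened, rc, (unsigned long long)len, OUT_CAP);
    }
    return 0;
}
```

The weak path only reports the length it would use rather than performing the copy, so the program stays well-defined while still showing that the stale bytes, not the file's declared dimensions, set the size.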
