Adobe has patched a use-of-uninitialized-memory vulnerability in the JPEG decoder of Acrobat Reader that results in a heap overflow which in turn can be exploited to remotely execute code.
Adobe has patched a use-of-uninitialized-memory vulnerability in the JPEG decoder of Acrobat Reader that results in a heap overflow which in turn can be exploited to remotely execute code.

One of the vulnerabilities patched in Adobe Systems' most recent software update was a flaw in the JPEG decoder and parser of Adobe Acrobat Reader, which could have been exploited to execute code remotely, Cisco's Talos threat intelligence division

According to a Talos security advisory posted last week, the specific flaw is a use-of-uninitialized-memory vulnerability that results in a heap-based buffer overflow, which can in turn be abused using a specially crafted PDF file with an embedded JPEG. Users can fall victim to the bug by visiting a malicious web page or opening a malicious email attachment.

Patched earlier this month, the bug in the JPEG decoder was discovered by Talos researcher Aleksandar Nikolic. Officially designated as CVE-2017-2971, the vulnerability "can result in the use of two 4 byte integer values which are previously uninitialized," the advisory explains. "The use of these two uninitialized variables leads to further process corruptions..."

As with previous Reader exploits, "the heap can be groomed in a specific way so that the uninitialized memory falls under attackers' control, which could then end up controlling the heap buffer overflow size directly, Talos continues in its advisory. "With further heap layout control this can lead to successful exploitation and remote code execution."