Tuesday, January 11, 2022

Vulnerability Spotlight: Two vulnerabilities in Adobe Acrobat DC could lead to arbitrary code execution



Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. 

Cisco Talos recently discovered two vulnerabilities in Adobe Acrobat Reader DC that could allow an attacker to eventually gain the ability to execute arbitrary code.  

Acrobat is one of the most popular PDF readers currently available. It can read and process JavaScript embedded in PDFs, which gives documents greater interactivity and customization options for users. Both vulnerabilities exist in the way Acrobat Reader processes JavaScript.

TALOS-2021-1387 (CVE-2021-44710) is a use-after-free vulnerability that is triggered if the user opens a PDF with specially crafted, malicious JavaScript. The code could give attackers control over reused memory, which can lead to arbitrary code execution.

Similarly, TALOS-2021-1410 (CVE-2021-44711) is also triggered if the target opens a specially crafted PDF file. However, this vulnerability causes an integer overflow condition, which could eventually lead to code execution.

Cisco Talos worked with Adobe to ensure that these issues are resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.

Users are advised to update the following software, which is tested and confirmed to be affected by these vulnerabilities: Adobe Acrobat Reader, version 2021.007.20099.

The following SNORT® rules will detect exploitation attempts against these vulnerabilities: 58367, 58368, 58553 and 58554. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Cisco Secure Firewall management center or Snort.org.
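Because both issues are reached through JavaScript embedded in a PDF, a complementary triage step is to flag documents that carry JavaScript at all before they reach a reader. The sketch below is an added example, not Talos code and not the logic of the Snort rules above; the function names and the sample documents are constructed for illustration, and it only inspects raw bytes and Flate-compressed streams.

```python
import re
import zlib

# PDF name tokens that indicate script content or automatically run actions.
SCRIPT_NAMES = {"JS", "JavaScript"}
AUTORUN_NAMES = {"OpenAction", "AA"}
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
HEX_ESC_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed samples: the first hides an escaped /JavaScript name in a stream.
_HIDDEN = zlib.compress(b"<< /S /J#61vaScript /JS (app.alert(1)) >>")
SAMPLE_PDF = (
    b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Filter /FlateDecode >>\nstream\n" + _HIDDEN
    + b"\nendstream\nendobj\n%%EOF\n"
)
CLEAN_PDF = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"


def decode_name(raw: bytes) -> str:
    """Resolve #xx escapes so /J#61vaScript is read as JavaScript."""
    decoded = HEX_ESC_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def inflate_streams(data: bytes) -> bytes:
    """Concatenate every stream body that zlib can inflate."""
    out = []
    for m in STREAM_RE.finditer(data):
        try:
            # decompressobj ignores the end-of-line bytes after the zlib data
            out.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            continue  # not Flate data (image, encrypted, other filter)
    return b"\n".join(out)


def triage_pdf(data: bytes) -> dict:
    """Report script and auto-run names found in raw and inflated content."""
    searchable = data + b"\n" + inflate_streams(data)
    names = {decode_name(m.group(1)) for m in NAME_RE.finditer(searchable)}
    scripts = sorted(names & SCRIPT_NAMES)
    return {"javascript": scripts, "autorun": sorted(names & AUTORUN_NAMES),
            "suspicious": bool(scripts)}
```

A hit means the document contains JavaScript, not that it is malicious; encrypted documents and streams using other filters are not inspected by this sketch.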
