Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Joe Marshall
Cisco Talos recently discovered an heap buffer overflow and a use after free vulnerability in Adobe Acrobat Reader. Adobe Acrobat Reader is one of the most popular and feature-rich PDF readers on the market. It has a large user base and is usually a default PDF reader on systems. It also integrates into
web browsers as a plugin for rendering PDFs. As such, tricking a user into visiting a malicious web page or sending a specially crafted email attachment can be enough to trigger these vulnerabilities.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Adobe to ensure that these issues are resolved and that an update is available for affected customers.
Vulnerability details
Adobe Acrobat Reader DC JavaScript submitForm heap buffer overflow (TALOS-2020-1157/CVE-2020-24435)
A specific JavaScript code embedded in a PDF file can lead to out of bounds memory access when opening a PDF document in Adobe Acrobat Reader DC 2020.006.20034. With careful memory manipulation, this can lead to sensitive information being disclosed as well as memory corruption which can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file or access a malicious web page.
When testing a newer version of Adobe Acrobat Reader, it was discovered that we were able to reproduce a previously patched vulnerability again.
Namely, a heap buffer overflow vulnerability, TALOS-2020-1031, was disclosed to Adobe and patched in an update on the fifth of April. Details of the vulnerability remain the same.
Read the complete vulnerability advisory here for additional information.
Vulnerability details
Adobe Acrobat Reader DC form field format use after free (TALOS-2020-1156 / CVE-2020-24437)
A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC 2020.006.20043. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file or access a malicious web page.
Read the complete vulnerability advisory here for additional information.
Versions tested
Talos tested and confirmed that version 2020.012.20043 of Adobe Acrobat Reader DC is affected by this vulnerability.
Coverage
The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.
Snort Rules: 53563-53564, 55842-55843