WHO IS SIBERAS?

siberas GmbH is a consulting firm specializing in security analyses and penetration tests that advises you on IT security competently and independently of any vendor.

Adobe Reader DC XFA Page Array Out-Of-Bounds Read Information Disclosure Vulnerability

Reference ID: SSA-1602
Publication date: 10.05.2016
Severity: critical

Affected products/versions: Adobe Reader 10/11, Acrobat Reader DC

This vulnerability allows remote attackers to gain information about the layout of memory on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of the Page array. A specially crafted PDF file can force Adobe Reader DC to read memory past the end of the Page object array. An attacker can use this information in conjunction with other vulnerabilities to execute code in the context of the process.

References:
ZDI-16-320
CVE-2016-1072
Adobe Security Bulletin APSB16-14