siberas GmbH is a consulting firm specializing in security analyses and penetration tests that provides vendor-independent, competent advice on IT security.


Adobe Acrobat Reader DC XFA Page Array Out-Of-Bounds Read Information Disclosure Vulnerability

Reference ID: SSA-1602
Publication date: 10.05.2016
Severity: critical
Discovered by: Sebastian Apelt

Affected products/versions:
Adobe Acrobat Reader 10/11 (11.0.15 and earlier versions)
Adobe Acrobat Reader DC (15.010.20060 and earlier versions)

This vulnerability allows remote attackers to gain information about the layout of memory on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of the Page array. A specially crafted PDF file can force Adobe Reader DC to read memory past the end of the Page object array. An attacker can use this information in conjunction with other vulnerabilities to execute code in the context of the process.

Adobe Security Bulletin APSB16-14