siberas GmbH is a consulting company specializing in security analyses and penetration tests, advising you on IT security competently and independently of any vendor.


Adobe Acrobat Reader DC Stream Object Remote Code Execution

Reference ID: SSA-1710
Publication date: 08.08.2017
Severity: critical
Discovered by: Sebastian Apelt

Affected products/versions:
Adobe Acrobat Reader DC (2017.009.20058 and earlier versions)

Adobe Acrobat Reader DC is affected by a use-after-free vulnerability. The vulnerability occurs because a Stream object is dereferenced after it has been destroyed. The reuse of the freed object leads directly to a controllable vtable call. By controlling the vtable, we can execute arbitrary code in the sandboxed AcroRd32.exe process.

Please read the SSD Advisory for further details about this vulnerability.

References:
SSD Advisory
Adobe Security Bulletin APSB17-24