siberas GmbH is a consulting company specializing in security analyses and penetration tests that provides competent, vendor-independent advice on IT security.
Adobe Acrobat Reader DC Stream Object Remote Code Execution
Reference ID: SSA-1710
Affected products/versions:
Adobe Acrobat Reader DC (2017.009.20058 and earlier versions)
Adobe Acrobat Reader DC is affected by a Use After Free vulnerability. The vulnerability occurs due to a Stream object being dereferenced after it has been destroyed. The re-use of the freed object directly leads to a controllable vtable call. By controlling the vtable we can execute arbitrary code in the sandboxed AcroRd32.exe process.
Please read the SSD Advisory for further details about this vulnerability.
References:
SSD Advisory
CVE-2017-11254
Adobe Security Bulletin APSB17-24