######################################################################################## # Title: Adobe Reader DC <= 15.010.20060 - Memory corruption # Application: Adobe Reader DC # Version: 15.010.20060 and earlier versions # Platform: Windows and Macintosh # Software Link: https://acrobat.adobe.com/ca/fr/acrobat/pdf-reader.html # Date: May 10, 2016 # CVE: CVE-2016-1077 # Author: Pier-Luc Maltais from COSIG # Contact: https://twitter.com/COSIG_ # Personal contact: https://twitter.com/plmaltais ######################################################################################## =================== Introduction: =================== More powerful than other PDF software, Adobe Acrobat Reader DC is the free, trusted standard for viewing, printing and annotating PDFs. And now, it’s connected to Adobe Document Cloud — so it’s easier than ever to work with PDFs on computers and mobile devices. (https://acrobat.adobe.com/ca/en/acrobat/pdf-reader.html) ######################################################################################## =================== Report Timeline: =================== 2016-02-04: Pier-Luc Maltais from COSIG found the issue and report it to Adobe PSIRT. 2016-05-10: Vendor fixed the issue (APSB16-14). 2016-03-08: Release of this advisory. ######################################################################################## =================== Technical details: =================== A memory corruption occurs when Adobe Reader DC handle a specially crafted image XObject, which could lead to remote code execution. ######################################################################################## ========== POC: ========== https://plmsecurity.net/sites/plmsecurity.net/files/APSB16-14_PoC.pdf https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39799.zip ########################################################################################