Feedly:Fortinet Blog | News and Threat Research - All Posts. Analysis of CVE-2016-4203 - Adobe Acrobat and Reader CoolType Handling Heap Overflow Vulnerability

from Fortinet Blog | News and Threat Research - All Posts

Summary Recently, Adobe patched some security vulnerabilities in Adobe Acrobat and Reader. One of them is a heap buffer overflow vulnerability (CVE-2016-4203) I recently discovered. In this blog, we want to share our analysis of this vulnerability. Proof of Concept This vulnerability can be reproduced by opening the PoC file “poc_minimized.pdf” with Adobe Reader DC. When opened, AcroRd32.exe crashes, and the crash information is shown below: (8de0.6bc4): Access violation - code c0000005 (first chance) First chance exceptions...