Feedly:Fortinet Blog | News and Threat Research - All Posts. Analysis of Use-After-Free Vulnerability (CVE-2016-4119) in Adobe Acrobat and Reader

from Fortinet Blog | News and Threat Research - All Posts

SummaryRecently, Adobe patched some security vulnerabilities in Adobe Acrobat and Reader. One of them is a use-after-free vulnerability (CVE-2016-4119) discovered by Fortinet's FortiGuard Labs. In this blog, we want to share our analysis of this vulnerability.Proof of ConceptThis vulnerability can be reproduced by opening the PDF file “PoC_decrypt.pdf” with Adobe Reader DC. When opened, AcroRd32.exe crashes, and the crash information shows the following:(28d8.110): Access violation - code c0000005 (first chance)First chance exceptions are reported...