header-logo
Suggest Exploit
vendor:
Acrobat Reader DC
by:
Security Evaluators
5,4
CVSS
MEDIUM
Buffer Overflow
119
CWE
Product Name: Acrobat Reader DC
Affected Version From: Adobe Acrobat Reader DC 2020.009.20067
Affected Version To: Adobe Acrobat Reader DC 2020.009.20067
Patch Exists: YES
Related CWE: CVE-2020-9584
CPE: cpe:a:adobe:acrobat_reader_dc:2020.009.20067
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2020

Adobe Acrobat Font Parsing Vulnerability

This vulnerability is caused by a buffer overflow in Adobe Acrobat Reader. It occurs when a specially crafted TTF font file is opened in Adobe Acrobat Reader. The vulnerability can be exploited to execute arbitrary code on the target system.

Mitigation:

Adobe has released a patch to address this vulnerability.
Source

Exploit-DB raw data:

From the authors site:

In this article, I'm going to share with you my observations and analysis on recent Adobe Acrobat Font Parsing vulnerability. Source document exists here:

http://securityevaluators.com/files/papers/CrashAnalysis.pdf (page 51-58)

After reading the paper, I started studying the TTF format. After initial research, I wrote this script:

Writeup and proof of concept files included in archive file.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/14642.tgz (VA010-003.tgz)

Navigation

Suggest Exploit

Services By CQR