header-logo
Suggest Exploit
vendor:
Adobe Reader DC
by:
Pier-Luc Maltais
9,8
CVSS
CRITICAL
Memory corruption
119
CWE
Product Name: Adobe Reader DC
Affected Version From: 15.010.20060 and earlier versions
Affected Version To: 15.010.20060 and earlier versions
Patch Exists: YES
Related CWE: CVE-2016-1077
CPE: a:adobe:reader_dc
Metasploit: https://www.rapid7.com/db/vulnerabilities/acrobat-cve-2016-1074/https://www.rapid7.com/db/vulnerabilities/acrobat-cve-2016-1077/https://www.rapid7.com/db/vulnerabilities/acrobat-cve-2016-1093/https://www.rapid7.com/db/vulnerabilities/acrobat-cve-2016-1116/https://www.rapid7.com/db/vulnerabilities/acrobat-cve-2016-1118/https://www.rapid7.com/db/vulnerabilities/acrobat-cve-2016-1120/https://www.rapid7.com/db/vulnerabilities/acrobat-cve-2016-1124/https://www.rapid7.com/db/vulnerabilities/acrobat-cve-2016-1130/https://www.rapid7.com/db/vulnerabilities/acrobat-cve-2016-4089/https://www.rapid7.com/db/vulnerabilities/acrobat-cve-2016-4093/https://www.rapid7.com/db/vulnerabilities/acrobat-cve-2016-4094/https://www.rapid7.com/db/vulnerabilities/acrobat-cve-2016-4097/https://www.rapid7.com/db/vulnerabilities/acrobat-cve-2016-4098/https://www.rapid7.com/db/vulnerabilities/acrobat-cve-2016-1073/https://www.rapid7.com/db/vulnerabilities/acrobat-cve-2016-4103/https://www.rapid7.com/db/vulnerabilities/acrobat-cve-2016-1063/https://www.rapid7.com/db/vulnerabilities/acrobat-cve-2016-1064/https://www.rapid7.com/db/vulnerabilities/acrobat-cve-2016-1071/https://www.rapid7.com/db/vulnerabilities/acrobat-cve-2016-1072/https://www.rapid7.com/db/vulnerabilities/acrobat-cve-2016-1037/https://www.rapid7.com/db/?q=CVE-2016-1077&type=&page=2https://www.rapid7.com/db/?q=CVE-2016-1077&type=&page=3https://www.rapid7.com/db/?q=CVE-2016-1077&type=&page=2
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows and Macintosh
2016

Adobe Reader DC <= 15.010.20060 - Memory corruption

A memory corruption occurs when Adobe Reader DC handle a specially crafted image XObject, which could lead to remote code execution.

Mitigation:

Adobe released a patch for this vulnerability (APSB16-14)
Source

Exploit-DB raw data:

########################################################################################
  
# Title: Adobe Reader DC <= 15.010.20060 - Memory corruption
# Application: Adobe Reader DC
# Version: 15.010.20060 and earlier versions
# Platform: Windows and Macintosh
# Software Link: https://acrobat.adobe.com/ca/fr/acrobat/pdf-reader.html
# Date: May 10, 2016
# CVE: CVE-2016-1077
# Author: Pier-Luc Maltais from COSIG
# Contact: https://twitter.com/COSIG_
# Personal contact: https://twitter.com/plmaltais
  
########################################################################################
  
===================
Introduction:
===================
 More powerful than other PDF software, Adobe Acrobat Reader DC is the free, trusted 
 standard for viewing, printing and annotating PDFs. And now, it’s connected to Adobe 
 Document Cloud — so it’s easier than ever to work with PDFs on computers and mobile 
 devices. (https://acrobat.adobe.com/ca/en/acrobat/pdf-reader.html)
 
########################################################################################
  
===================
Report Timeline:
===================
 2016-02-04: Pier-Luc Maltais from COSIG found the issue and report it to Adobe PSIRT.
 2016-05-10: Vendor fixed the issue (APSB16-14).
 2016-03-08: Release of this advisory.
 
########################################################################################
  
===================
Technical details:
===================
 A memory corruption occurs when Adobe Reader DC handle a specially crafted image 
 XObject, which could lead to remote code execution.
  
########################################################################################
  
==========
POC:
==========
https://plmsecurity.net/sites/plmsecurity.net/files/APSB16-14_PoC.pdf
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39799.zip
  
########################################################################################

Navigation

Suggest Exploit

Services By CQR