SRC-2017-0008 : Adobe Reader DC execMenuItem Off-by-One Heap Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists when calling the execMenuItem function. The issue results from the lack of proper validation of a heap buffer allowing an attacker to trigger an off-by-one heap overflow. On some platforms, an attacker can leverage this vulnerability to execute code under the context of the current process.
Adobe has issued an update to correct these vulnerabilities. More details can be found at:
- 2017-03-16 – Verified and acquired by Beyond Security
- 2017-08-08 – Coordinated public release of advisory
This vulnerability was discovered by Steven Seeley of Source Incite
Source Incite would like to acknowledge Beyond Security’s SSD program for the help with co-ordination of this vulnerability. More details can be found on their blog at https://blogs.securiteam.com/index.php/archives/3275.