Announcement Announcement Module
Collapse
No announcement yet.
Remote Code Execution Vulnerability in Adobe Reader Mobile Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Remote Code Execution Vulnerability in Adobe Reader Mobile


    Remote Code Execution Vulnerability in Adobe Reader Mobile


    Severity: HIGH

    Components Affected
    • Adobe Reader Mobile 11.1.3 and prior for android

    Overview
    A vulnerability has been reported in Adobe Reader which could be exploited by a remote attacker to gain access to the victim’s machine and execute arbitrary code.

    Description
    This vulnerability exists in Adobe Reader due to improper restrictions to certain JavaScript interfaces from ARJavaScript, ARCloudPrintActivity, ARCreatePDFWebView classes. A remote attacker could exploit this vulnerability by creating a specially crafted content which when executed by the target user would lead to execution of arbitrary code on the target user’s system leading to compromise of the documents in the reader and SD card files.

    Note: Proof of concept code for this vulnerability is publically available.

    Solution
    Update to Adobe Reader Mobile 11.2

    Vendor Information
    Adobe
    http://helpx.adobe.com/security/prod...apsb14-12.html

    References
    Adobe
    http://helpx.adobe.com/security/prod...apsb14-12.html

    Securify
    http://www.securify.nl/advisory/SFY2...nterfaces.html

    Secunia
    http://secunia.com/advisories/57928/

    Security tracker
    http://securitytracker.com/id/1030090
Tag Cloud Tag Cloud Module
Collapse
Working...
X