CVE-2020-24435
Specific JavaScript code embedded in a PDF file can lead to out-of-bounds memory access when opening a PDF document in Adobe Acrobat Reader DC, version 2020.012.20043. With careful memory manipulation, this can lead to the disclosure of sensitive information, as well as memory corruption, which can lead to arbitrary code execution. To trigger this vulnerability, the victim would need to open the malicious file or access a malicious web page.
The versions below were either tested or verified to be vulnerable by Talos or confirmed to be vulnerable by the vendor.
Adobe Acrobat Reader 2020.012.20043
Acrobat Reader - https://acrobat.adobe.com/us/en/acrobat/pdf-reader.html
8.8 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-122 - Heap-based Buffer Overflow
Adobe Acrobat Reader is one of the most popular and feature-rich PDF readers on the market. It has a large user base and is usually a default PDF reader on systems. It also integrates into web browsers as a plugin for rendering PDFs. As such, tricking a user into visiting a malicious web page or sending a specially crafted email attachment can be enough to trigger this vulnerability.
Adobe Acrobat Reader DC supports embedded JavaScript code in the PDF to allow for interactive PDF forms. This gives a potential attacker the ability to precisely control memory layout and exposes additional attack surface.
While testing a newer version of Adobe Acrobat Reader, we found that a previously patched vulnerability could be reproduced again.
Namely, a heap buffer overflow vulnerability, TALOS-2020-1031, was disclosed to Adobe and patched in an update on the fifth of April. Details of the vulnerability remain the same.
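Because the trigger is JavaScript embedded in the PDF, one defensive triage step is to flag documents that carry script actions before they reach a reader. The following is an added example, not code from Talos or Adobe: the function names and the three sample inputs are constructed for illustration, and it checks only for the presence of JavaScript-related PDF names, including `#xx`-escaped spellings and names inside Flate-compressed streams.

```python
import re
import zlib

JS_KEYS = {b"JS", b"JavaScript"}      # keys that introduce a JavaScript action
AUTO_KEYS = {b"OpenAction", b"AA"}    # keys that run an action without a click
NAME_RE = re.compile(rb"/([A-Za-z0-9#]+)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)


def decode_name(raw: bytes) -> bytes:
    """Undo #xx hex escapes so /J#61vaScript compares equal to /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw)


def inflate_streams(data: bytes) -> bytes:
    """Best-effort Flate decode; object streams can hide action dictionaries."""
    out = []
    for m in STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates the end-of-line bytes before 'endstream'
            out.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # other filter or encrypted: not handled by this sketch
    return b"\n".join(out)


def triage_pdf(data: bytes) -> dict:
    """Flag JavaScript-related names in the raw file and in its Flate streams."""
    haystack = data + b"\n" + inflate_streams(data)
    names = {decode_name(n) for n in NAME_RE.findall(haystack)}
    has_js = bool(names & JS_KEYS)
    return {"javascript": has_js, "auto_run": has_js and bool(names & AUTO_KEYS)}


# Constructed sample inputs (minimal PDF-like fragments, not real documents).
SAMPLE_OBFUSCATED = (
    b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /S /J#61vaScript /JS (constructed) >>\nendobj\n%%EOF\n")
SAMPLE_HIDDEN = (
    b"%PDF-1.7\n1 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(b"<< /S /JavaScript /JS (constructed) >>")
    + b"\nendstream\nendobj\n%%EOF\n")
SAMPLE_CLEAN = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"

if __name__ == "__main__":
    for label, blob in [("obfuscated", SAMPLE_OBFUSCATED),
                        ("hidden", SAMPLE_HIDDEN), ("clean", SAMPLE_CLEAN)]:
        print(label, triage_pdf(blob))
```

A hit means the file carries script, not that it exercises this vulnerability; encrypted PDFs and filters other than Flate are not inspected.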
2020-09-24 - Vendor Disclosure
2020-11-05 - Public Release
Discovered by Aleksandar Nikolic of Cisco Talos.