Researchers at Cisco Talos are detailing a remote code execution vulnerability found in Adobe Acrobat Reader DC that can be triggered when a malicious file is opened or a victim accesses a rigged webpage.
According to Talos, the vulnerability (
CVE-2018-4901) was disclosed on Dec. 7 and Adobe issued a patch on Feb. 13. Researchers are now sharing the
details of its discovery. Affected are Adobe Acrobat Reader versions 2018.009.20050 and 2017.011.30070 and earlier.
The vulnerability allows attackers to hide malicious JavaScript code in a PDF file. This code can enable document ID to perform unauthorized operations to trigger a stack-based buffer overflow when opening a specially crafted PDF document.
......................
......................
