Malicious PDF Leads to Discovery of Adobe Reader, Windows Zero-Days

Discussion in '0-day Release' started by silversurfer, May 16, 2018 at 7:46 PM.

  1. silversurfer


    Researchers at ESET recently came across a malicious PDF file set up to exploit two zero-day vulnerabilities affecting Adobe Reader and Microsoft Windows.

    The malicious document leverages a privilege escalation flaw in Windows (CVE-2018-8120) and a remote code execution vulnerability in Adobe Reader (CVE-2018-4990). CVE-2018-8120 is one of the two zero-day vulnerabilities fixed by Microsoft with its May 2018 Patch Tuesday updates, while CVE-2018-4990 was addressed by Adobe on May 14 with the release of updates that fix nearly 50 other issues.

    By combining the two flaws, attackers can execute arbitrary code with elevated privileges with minimal user interaction – specifically, opening the malicious PDF.

    In order to make it more difficult for attackers to execute arbitrary code on a system running its Reader software, Adobe has implemented a sandbox. Exploiting only CVE-2018-4990 allows code execution within the sandbox, but combining it with the Windows privilege escalation flaw makes it possible to escape the sandbox and execute the code in kernel mode.

    Full Article: https://www.securityweek.com/malicious-pdf-leads-discovery-adobe-reader-windows-zero-days
     