Talos Vulnerability Report

TALOS-2020-1157

Adobe Acrobat Reader DC JavaScript submitForm heap buffer overflow redux

November 5, 2020
CVE Number

CVE-2020-24435

Summary

A specific JavaScript code embedded in a PDF file can lead to out of bounds memory access when opening a PDF document in Adobe Acrobat Reader DC, version 2020.012.20043. With careful memory manipulation, this can lead to the disclosure of sensitive information, as well as memory corruption, which can lead to arbitrary code execution. To trigger this vulnerability, the victim would need to open the malicious file or access a malicious web page.

Tested Versions

Adobe Acrobat Reader 2020.012.20043

Product URLs

https://acrobat.adobe.com/us/en/acrobat/pdf-reader.html

CVSSv3 Score

8.8 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-122 - Heap-based Buffer Overflow

Details

Adobe Acrobat Reader is one of the most popular and feature-rich PDF readers on the market. It has a large user base and is usually a default PDF reader on systems. It also integrates into web browsers as a plugin for rendering PDFs. As such, tricking a user into visiting a malicious web page or sending a specially crafted email attachment can be enough to trigger this vulnerability.

Adobe Acrobat Reader DC supports embedded JavaScript code in the PDF to allow for interactive PDF forms. This gives the potential attacker the ability to precisely control memory layout and poses additional attack surface.

When testing a newer version of Adobe Acrobat Reader, it was discovered that we were able to reproduce a previously patched vulnerability again.

Namely, a heap buffer overflow vulnerability, TALOS-2020-1031, was disclosed to Adobe and patched in an update on the fifth of April. Details of the vulnerability remain the same.

Timeline

2020-09-24 - Vendor Disclosure
2020-11-05 - Public Release

Credit

Discovered by Aleksandar Nikolic of Cisco Talos.