The heap-based buffer overflow vulnerability CVE-2021-44708 exists in Adobe Acrobat Pro DC’s third-party library Solid Framework, which is located in the directory C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\plug_ins\SaveAsNonPDF\Solid. Solid Framework (x86), Product version: 2.1 It will produce the following crash.Īdobe Acrobat Pro DC, Product version: 5.60881 Click the menu File → Export to → Microsoft Word → Word Document.Open the PoC file with Adobe Acrobat Pro DC.To reproduce this issue, the following steps can be performed: Zscaler ThreatLabz created a PoC file that will cause the following crash.
Adobe acrobat pro dc out of memory pdf#
The vulnerability can be triggered by opening a malicious PDF file and exporting it to a Microsoft Word document.
Adobe acrobat pro dc out of memory update#
Foxit has also released a security update to fix CVE-2021-44708.ĬVE-2021-44708 is a heap overflow vulnerability due to the insecure handling of a maliciously crafted file, potentially resulting in arbitrary code execution in the context of the current user. Foxit’s PDF Editor uses the Solid Framework for the conversion of PDF files to other file formats, and is therefore, also impacted by this vulnerability. In this blog, we present our analysis of CVE-2021-44708, a heap-based buffer overflow vulnerability in Adobe Acrobat Pro DC.
Adobe uses the Solid Framework for the conversion of PDF files to Microsoft Office files in Adobe Acrobat. These five vulnerabilities existed in the Adobe Acrobat Pro DC Solid Framework. In January 2022, Adobe released a security update for vulnerabilities in Adobe Acrobat and Reader.
0 kommentar(er)
