Threat Research

Fortinet Researchers Discover Two Critical Vulnerabilities in Adobe Acrobat and Reader 

By Kai Lu and Kushal Shah | October 21, 2016

Fortinet researchers recently discovered two critical zero-day vulnerabilities in Adobe Acrobat and Reader. They are identified as CVE-2016-6939 and CVE-2016-6948. Adobe released a patch to fix these vulnerabilities on October 6, 2016.

CVE-2016-6939

This vulnerability was discovered by Kai Lu.

CVE-2016-6939 is a heap overflow vulnerability. The vulnerability is caused by a crafted PDF file which causes an out of bounds memory access due to an improper bounds check when manipulating an array pointer. The specific vulnerability exists in the MakeAccessible plugin due to missing length checks.

Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees potentially leading to code corruption, control-flow hijack, or an information leak attack.

Before the Adobe patch was made available, Fortinet had released IPS signature Adobe.Reader.DC.MakeAccessible.Plugin.Heap.Overflow to proactively protect our customers.

CVE-2016-6948

This vulnerability was discovered by Kushal Arvind Shah.

CVE-2016-6948 is a memory corruption vulnerability caused by a crafted PDF file that causes an out of bounds memory access. The specific vulnerability exists because a malformed object stream manifests itself due to a bug in the font engine.

Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees potentially leading to code corruption, control-flow hijack, or an information leak attack.

Before the Adobe patch was made available, Fortinet had released IPS signature Adobe.Acrobat.Reader.DC.CTJPEGWriter.Memory.Corruption to proactively protect our customers.

Join the Discussion