Adobe Acrobat Reader is one of the most used applications for reading PDF files. Today we will talk about a new vulnerability that Talos has revealed. We should mention that Talos is creating threat intelligence for Cisco products in order to detect, analyze and protect customers from both emerging and known threats.
The vulnerability that we are talking about has the number TALOS-2016-259 / CVE-2017-2791, which is an uninitialized memory vulnerability that has been found in the Adobe Acrobat Reader DC.
This vulnerability is associated with the JPEG Decoder functionality that has embedded into the application. In other words, a specially crafted PDF document that contains a JPEG can be used to trigger this vulnerability. Once this happens, a head-based buffer overflow happens, which can allow remote code execution.
The good news is that this problem has already been solved by Adobe in…