Bug 953512 (CVE-2015-7650) - VUL-0: CVE-2015-7650: Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC ...
Summary: VUL-0: CVE-2015-7650: Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x b...
Status: RESOLVED WONTFIX
Alias: CVE-2015-7650
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P5 - None : Major
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/158500/
Reported: 2015-11-04 09:13 UTC by Sebastian Krahmer
Modified: 2015-11-04 10:23 UTC

Found By: Security Response Team
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Sebastian Krahmer 2015-11-04 09:13:00 UTC
CVE-2015-7650

This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Adobe Acrobat Reader DC. User interaction is
required to exploit this vulnerability in that the target must visit a malicious
page or open a malicious file.

The specific flaw exists within the way CMAP tables are parsed. A specially
crafted CMAP table embedded in a PDF file can force Adobe Acrobat Reader to read
memory past the end of an allocated object. An attacker could leverage this
vulnerability to execute arbitrary code under the context of the current
process.



References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7650
http://www.zerodayinitiative.com/advisories/ZDI-15-534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7650
http://www.zerodayinitiative.com/advisories/ZDI-15-534/