CVE-2013-2729 icon indicating copy to clipboard operation
CVE-2013-2729 copied to clipboard

Published 20 hours ago verified publisher icon feliam

Metadata

#Adobe Reader BMP/RLE heap corruption - CVE-2013-2729

Adobe Reader X is a powerful software solution developed by Adobe Systems to view, create, manipulate, print and manage files in Portable Document Format (PDF). Since version 10 it includes the Protected Mode, a sandbox technology similar to the one in Google Chrome which improves the overall security of the product.

  • Title: Adobe Reader BMP/RLE heap corruption
  • CVE Name: CVE-2013-2729
  • Permalink: http://blog.binamuse.com/2013/05/readerbmprle.html
  • Date published: 2013-05-14
  • Date of last update: 2013-05-14
  • Class: Client side Integer Overflow

Adobe Reader X fails to validate the input when parsing an embedded BMP RLE encoded image. Arbitrary code execution in the context of the sandboxed process is proved possible after a malicious bmp image triggers a heap overflow. Quick links: White paper, Exploit generator in python and PoC.pdf for Reader 10.1.4.

Antivirus test ~1 year later (03/2014):

  • Avast: https://www.youtube.com/watch?v=S3X_zsy4k28
  • Bitdefender: https://www.youtube.com/watch?v=XF25bzzwZk0

Metadata

23
Stars
21
Forks
Watchers

Owner

verified publisher icon feliam

Metadata

Back