Lucene search
Abdul-Aziz Hariri and Jasiel Spelman of Trend Micro Zero Day InitiativeZDI-19-202HistoryFeb 12, 2019 - 12:00 a.m.
Adobe Reader DC Name Squatting JavaScript Restrictions Bypass Vulnerability
2019-02-1200:00:00
Abdul-Aziz Hariri and Jasiel Spelman of Trend Micro Zero Day Initiative
www.zerodayinitiative.com
7
0.005 Low
EPSS
Percentile
76.9%
This vulnerability allows remote attackers to bypass JavaScript API restrictions on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to a mispelled API in the built-in encoded JavaScript scripts. By creating a specially crafted PDF with specific JavaScript instructions, it is possible to bypass the Javascript API restrictions. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.
Related
cve
cve
CVE-2019-7041
2019-05-24 19:29:00
checkpoint_advisories
checkpoint_advisories
Adobe Acrobat and Reader Security bypass (APSB19-07: CVE-2019-7041)
2019-02-12 00:00:00
prion
prion
Security feature bypass
2019-05-24 19:29:00
nvd
nvd
CVE-2019-7041
2019-05-24 19:29:00
cvelist
cvelist
CVE-2019-7041
2019-05-24 18:14:17
threatpost
threatpost
Adobe Fixes 43 Critical Acrobat and Reader Flaws
2019-02-12 15:09:48
openvas
openvas
Adobe Acrobat 2017 Security Updates (APSB19-07) - Mac OS X
2019-02-14 00:00:00
Adobe Acrobat DC (Continuous Track) Security Updates (APSB19-07) - Windows
2019-02-14 00:00:00
Adobe Acrobat DC (Continuous Track) Security Updates (APSB19-07) - Mac OS X
2019-02-14 00:00:00
nessus
nessus
adobe
adobe
APSB19-07 Security Updates available for Adobe Acrobat and Reader
2019-02-12 00:00:00
kaspersky
kaspersky
KLA11421 Multiple vulnerabilities in Adobe Acrobat and Acrobat Reader
2019-02-12 00:00:00