02-11-2019 , 09:25 PM
Quote:
A micropatch is now available for a zero-day vulnerability in Adobe Reader which would allow maliciously crafted PDF documents to call home and send over the victim's NTLM hash to remote attackers in the form of an SMB request.
The vulnerability was first disclosed by security researcher Alex Inführ on his blog, where a full analysis of the security issue and a proof-of-concept were published before Adobe managed to push out a security fix for the issue.
Applying the micropatch delivered through the 0patch platform will not require a system restart or relaunching a program, with the effect being immediate because it is an in-memory fix for running processes.
The zero-day, which doesn't yet have a CVE tracker id, was tested against the latest version of Adobe Acrobat Reader DC 19.010.20069, but it most likely also impacts all other versions up to this one.
To be more exact, the vulnerability is triggered by a malicious PDF which includes an element designed to set off the automatic loading of a remote XML style sheet via SMB.
While a warning is displayed to alert the user that something is wrong if the action happens over HTTP, the PoC will do its job silently in the background "when using a UNC path (the type of path that denotes a resource in a shared folder)."
READ MORE INFORMATION.........HERE