Security researcher casually drops Adobe Reader, Windows critical vulnerability bomb

Posted on

A security researcher has casually revealed 15 vulnerabilities which impact on Microsoft Windows and Adobe Reader.

On Tuesday, Google Project Zero hacker Mateusz Jurczyk outlined a total of 15 critical vulnerabilities discovered within font management systems.

The research, also presented at the REcon security conference in Montreal in a talk called “One font vulnerability to rule them all: A story of cross-software ownage, shared codebases and advanced exploitation,” (.PDF), reveals a set of nasty remote code execution and privilege escalation flaws which can be exploited through Adobe Reader or the Windows Kernel.

Jurczyk discovered a number of low to critical-severity security flaws, but the worst two, CVE-2015-3052 and CVE-2015-0093, which exist in both 32-bit and 64-bit systems, are found within the Adobe Type Manager Font Driver.

Security researcher casually drops Adobe Reader, Windows critical vulnerability bomb
Security researcher casually drops Adobe Reader, Windows critical vulnerability bomb

Speaking to The Register, Jurczyk said the most serious and interesting vulnerability, an “entirely reliable” BLEND instruction exploit, relates to how systems handle CharStrings which are responsible for shaping glyphs depending on point size. The exploit “defeats all modern user and kernel-mode exploit mitigations,” according to the researcher.

“The extremely powerful primitive provided by the vulnerability, together with the fact that it affected all supported versions of both Adobe Reader and Microsoft Windows (32-bit) — thus making it possible to create an exploit chain leading to a full system compromise with just a single bug — makes it one of the most interesting security issues I have discovered so far,” Jurczyk writes.

The researcher also devised a x64 way to exploit the flaw for the purpose of privilege escalation using another CharString vulnerability (CVE-2015-0090).

The video below demonstrates the exploitation of Adobe Reader 11.0.10 using the BLEND vulnerability (CVE-2015-3052), accompanied by sandboxes escapes via the Windows Kernel.

After being notified of the vulnerabilities, Microsoft and Adobe patched the flaws in their latest updates.

Source:http://www.zdnet.com/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s