Adobe on Thursday released a second patch to address a critical information disclosure vulnerability in Adobe reader, tracked as CVE 2019-7089, after the expert who initially discovered the flaw devised a method to bypass the first fix.
The vulnerability was discovered by Alex Inführ from Cure53, the expert discovered that the flaw could be exploited by using a specially crafted PDF document to send SMB requests to the attacker’s server when the file is opened.
The expert explained that the flaw is similar to the
CVE-2018-4993 (aka “BadPDF“) that fixed by Adobe in November. The flaw allowed to trigger a callback to an attacker-controlled SMB server and leak the users NTMLv2 hash.
Inführ tested the PoC on Adobe Acrobat Reader DC 19.010.20069 running on Windows OS.
The February 2019 Patch Tuesday updates addressed the vulnerability, but Infuhr immediately discovered that it could be bypassed.
News of the day is that Adobe released a second patch for the flaw in Adobe Reader and assigned it a new CVE identifier, CVE-2019-7815.
“Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address a reported bypass to the fix for CVE-2019-7089 first introduced in 2019.010.20091, 2017.011.30120 and 2015.006.30475 and released on February 12, 2019.” reads the security advisory.
“Successful exploitation could lead to sensitive information disclosure in the context of the current user. ”
Last week, the 0patch experts released a micropatch to address the Adobe Reader flaw.
The good news is that Adobe it’s not aware of any attack exploiting the flaw in-the-wild. Now Adobe assigned the flaw a priority rating of 2, which suggests that exploitation should not be imminent.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – Adobe Reader, hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
Security Affairs Malware newsletter includes a collection of the best articles and research on malware…
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles…
Chinese "kill switches" found in Chinese-made power inverters in US solar farm equipment that could…
FBI warns ex-officials are targeted with deepfake texts and AI voice messages impersonating senior U.S.…
Google warns that the cybercrime group Scattered Spider behind UK retailer attacks is now targeting…
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium, DrayTek routers, and SAP NetWeaver…
This website uses cookies.
