1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Adobe Acrobat & Reader Stack Buffer Overflow CVE-2015-5110

Web Attack: Adobe Acrobat & Reader Stack Buffer Overflow CVE-2015-5110

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects the attempt to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition.

Additional Information

Adobe Reader and Acrobat are applications for handling PDF files.

Adobe Acrobat and Reader prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Specifically, the issue exists within the handling of arguments passed to the 'makeMeasurement' method. An attacker can exploit this issue by sending specially crafted argument to 'makeMeasurement'.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition.

Affected

  • Adobe Acrobat X Pro
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube