Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Exploiting a Use-After-Free in Adobe Reader

ZDI - Abdul-Aziz Hariri, posted 5 years ago
  • Adobe products are vastly complex, and that complexity has given them a long history of security flaws. This article walks through exploitation of a bug in Adobe Reader that was discovered by Mark Yason; the write-up is by a third party, not the original finder.
  • Adobe Reader ships its own JavaScript engine (EScript). Native EScript objects (ESObjects) back the JavaScript objects that scripts see, and pointers to those ESObjects are kept in a cache.
  • When the cache is consulted, an ESObject with the same PDDoc (document) structure and the same name is handed back from the cache instead of being created again.
  • The bug: when an ESObject is freed, the cache entry that points to it is not cleared, so the stale pointer can be returned on the next lookup. That is a classic use-after-free (UAF).
  • The article explains the exploitation technique only at a high level, but calls it a classic one: trigger garbage collection so the ESObject is freed, then access the same object again so that the dangling pointer is pulled back out of the cache. From there the exploit goes deep into the weeds of JS-engine exploitation.
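As an added illustration (this is not code from the ZDI article or from Adobe Reader), the C model below reproduces the bug class the notes describe: a cache keyed by (document, name) keeps a pointer to an object after the garbage collector has freed it, and the next lookup hands the stale pointer back. The pool, the cache, the document ids and the object name "this" are all constructed for the example, and the `in_use` flag stands in for the allocator so that the stale access is detected and reported rather than actually dereferencing freed memory. The buggy release is shown next to one way a fix could look (clear every cache entry that references the object before freeing it).

```c
#include <stdio.h>
#include <string.h>

/* Constructed model, not Adobe Reader code: a tiny pool of "ESObjects"
 * plus a cache keyed by (document id, object name). */
#define POOL_SIZE 4
#define CACHE_SIZE 4
#define NAME_LEN 16

struct es_object {
    int in_use;              /* 0 means the object has been "freed" */
    int doc_id;              /* stands in for the owning PDDoc */
    char name[NAME_LEN];
};

struct cache_entry {
    int doc_id;
    char name[NAME_LEN];
    struct es_object *obj;   /* NULL when the entry is empty */
};

static struct es_object pool[POOL_SIZE];
static struct cache_entry cache[CACHE_SIZE];

static void reset_state(void) {
    memset(pool, 0, sizeof pool);
    memset(cache, 0, sizeof cache);
}

/* Return the cached ESObject for (doc_id, name), or NULL on a miss. */
static struct es_object *cache_lookup(int doc_id, const char *name) {
    for (int i = 0; i < CACHE_SIZE; i++)
        if (cache[i].obj && cache[i].doc_id == doc_id &&
            strcmp(cache[i].name, name) == 0)
            return cache[i].obj;
    return NULL;
}

/* Reuse a cached object with the same document and name; otherwise
 * allocate one from the pool and record it in the cache. */
static struct es_object *es_object_create(int doc_id, const char *name) {
    struct es_object *o = cache_lookup(doc_id, name);
    if (o) return o;
    for (int i = 0; i < POOL_SIZE; i++) {
        if (pool[i].in_use) continue;
        pool[i].in_use = 1;
        pool[i].doc_id = doc_id;
        strncpy(pool[i].name, name, NAME_LEN - 1);
        pool[i].name[NAME_LEN - 1] = '\0';
        for (int j = 0; j < CACHE_SIZE; j++) {
            if (cache[j].obj) continue;
            cache[j].doc_id = doc_id;
            strncpy(cache[j].name, name, NAME_LEN - 1);
            cache[j].name[NAME_LEN - 1] = '\0';
            cache[j].obj = &pool[i];
            break;
        }
        return &pool[i];
    }
    return NULL;
}

/* Buggy release (the bug class in the article): the collector frees the
 * object, but the cache entry pointing at it is left in place. */
static void es_object_release_buggy(struct es_object *o) {
    o->in_use = 0;
}

/* Fixed release: drop every cache entry that references the object first. */
static void es_object_release_fixed(struct es_object *o) {
    for (int j = 0; j < CACHE_SIZE; j++)
        if (cache[j].obj == o) cache[j].obj = NULL;
    o->in_use = 0;
}

/* Touch the object through the cache: 1 = live object, 0 = cache miss,
 * -1 = the cached pointer refers to a freed slot (a use-after-free). */
static int use_cached(int doc_id, const char *name) {
    struct es_object *o = cache_lookup(doc_id, name);
    if (!o) return 0;
    return o->in_use ? 1 : -1;
}

/* Create, let "GC" free the object, then access it by name again. */
static int scenario(int fixed) {
    reset_state();
    struct es_object *o = es_object_create(1, "this");
    if (fixed) es_object_release_fixed(o); else es_object_release_buggy(o);
    return use_cached(1, "this");
}

/* Same document and name hit the cache; a different document does not. */
static int reuse_is_same(void) {
    reset_state();
    struct es_object *a = es_object_create(1, "this");
    struct es_object *b = es_object_create(1, "this");
    struct es_object *c = es_object_create(2, "this");
    return a == b && a != c;
}

int main(void) {
    printf("buggy release: %d (-1 = stale cached pointer reused)\n", scenario(0));
    printf("fixed release: %d (0 = cache miss, object recreated)\n", scenario(1));
    return 0;
}
```

The model keeps the two halves of the bug separate: the lifetime of the object is decided by one component (the collector) while a second component (the cache) holds a raw pointer with no notification when the first one frees it. Any real fix has to make the cache aware of the free, as `es_object_release_fixed` does, or make the cache hold something other than a bare pointer.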