Acrobat Reader DC 15.008.20082.15957 PDF Parsing Memory Corruption Vulnerability

Summary

    Adobe Reader is developed by the combination of network and desktop application technology.

    There are multiple security vulnerabilities in Acrobat Reader DC 15.008.20082.15957.

    Attackers take advantage of this vulnerability to construct special SWF files.Then,they cheat users to browse or open it. Flash unable to properly interpret these malicious SWF files through its specific way, which can lead to flash crash and denial of service. Who successfully use it in target users can execute arbitrary code, or even control the user's computer.

Solution

    1. Adobe Company Update:https://helpx.adobe.com/security/products/acrobat/apsb15-24.html

    2. If you have purchased NGAF appliance, update WAF signature database to version 20151204 or above.