Adobe Reader Zero-Day Micropatch Stops Malicious PDFs from Calling Home

[silversurfer]

A micropatch is now available for a zero-day vulnerability in Adobe Reader which would allow maliciously crafted PDF documents to call home and send over the victim's NTLM hash to remote attackers in the form of an SMB request.

The vulnerability was first disclosed by security researcher Alex Inführ on his blog, where a full analysis of the security issue and a proof-of-concept were published before Adobe managed to push out a security fix for the issue.

Applying the micropatch delivered through the 0patch platform will not require a system restart or relaunching a program, with the effect being immediate because it is an in-memory fix for running processes.

According to Mitja Kolsek, CEO of ACROS Security, the company behind 0patch:
"This vulnerability, similar to CVE-2018-4993, the so-called Bad-PDF reported by CheckPoint in April last year, allows a remote attacker to steal user's NTLM hash included in the SMB request. It also allows a document to "phone home", i.e., to let the sender know that the user has viewed the document. Obviously, neither of these is desirable."

SOURCE: https://www.bleepingcomputer.com/news/se...ling-home/