This occurs due to the access or use of wild pointer or released object without proper validation when handling certain JavaScripts, Doc objects, or AcroForms.
soiax working with Trend Micro Zero Day InitiativeĪddressed potential issues where the application could be exposed to Use-After-Free or Out-of-Bounds Read vulnerability and crash, which could be exploited by attackers to disclose information or execute remote code. This occurs as the application does not set the pointer as null after it has been released and releases the pointer again during the subsequent destruction when handling certain PDF files, or fails to handle the abnormal parameters during the process to create database API by calling the functions from Windows system when handling ADBC objects, or transforms objects by force without judging the data type when handling Doc objects. Suyue Guo and Wei You from Renmin University of China working with Trend Micro Zero Day InitiativeĪddressed potential issues where the application could be exposed to Out-of-Bounds Read vulnerability and crash, which could be exploited by attackers to disclose information or execute remote code. This occurs due to the access of illegal address as the application fails to update the pointer after the container is expanded during the iteration when handling the AFSpecial_KeystrokeEx method. 
Suyue Guo, Wei You from Renmin University of ChinaĪddressed potential issues where the application could be exposed to Use-After-Free Information Disclosure or Memory Corruption Remote Code Execution vulnerability and crash. This occurs due to the access of null pointer, handle, or array without proper validation. René Freingruber, SEC Consult Vulnerability LabĪddressed potential issues where the application could be exposed to Null Pointer Dereference vulnerability and crash, which could be exploited by attackers to cause a denial of service. DoHyun of DNSLab, Korea University working with Trend Micro Zero Day Initiative. DoHyun working with Trend Micro Zero Day Initiative. Seungju Oh, DoHyun Lee of Zerocution working with Trend Micro Zero Day Initiative. This occurs as the application uses V8 JavaScript Engine in the outdated version that is prone to vulnerabilities. 
Addressed potential issues where the application could be exposed to Out-of-Bounds Read, Type Confusion, Use-After-Free, or Uninitialized Variable vulnerability and crash when handling certain JavaScripts, which could be exploited by attackers to disclose information or execute remote code.
0 kommentar(er)
