Blog

Vectra Threat Labs discovers vulnerabilities in Adobe Reader and Internet Explorer

Posted by Chris Morales on Oct 14, 2015 9:17:00 AM

Find me on:

adobe_vuln1

Today, Vectra researchers were again credited with discovering critical vulnerabilities that impact the security of Adobe Reader, VBScript, and Internet Explorer.

The vulnerability in Adobe Reader (CVE-2015-6687) is a use-after-free bug that could lead to arbitrary code execution. An analysis of this and other recently patched Adobe vulnerabilities can be found here.

Additionally, researchers found additional critical vulnerabilities (MS15-106 and MS15-108) that allow attackers to bypass Address Space Layout Randomization (ASLR) protections. These vulnerabilities are particularly significant because ASLR protects against memory corruption attacks by making the layout of memory unpredictable. As a result, any vulnerability that bypasses ASLR is highly valuable to attackers. 


automated threat management: no signature required

Topics: Vulnerabilities

Subscribe to the Vectra Blog



Recent Posts

Posts by Topic

Follow us