CVE-2022-34233 is a Use-After-Free vulnerability that could potentially lead to the disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Affected versions:

- Acrobat DC Continuous 22.001.20142 and earlier versions in Windows & macOS
- Acrobat Reader DC Continuous 22.001.20142 and earlier versions in Windows & macOS
- Acrobat 2020 Classic 2020 20.005.30334 and earlier versions (Win)
- Acrobat 2020 Classic 2020 20.005.30331 and earlier versions (Mac)
- Acrobat Reader 2020 Classic 2020 20.005.30334 and earlier versions (Win)
- Acrobat Reader 2020 Classic 2020 20.005.30331 and earlier versions (Mac)
- Acrobat 2017 Classic 2017 17.012.30229 and earlier versions (Win)
- Acrobat 2017 Classic 2017 17.012.30227 and earlier versions (Mac)
- Acrobat Reader 2017 Classic 2017 17.012.30229 and earlier versions (Win)
- Acrobat Reader 2017 Classic 2017 17.012.30227 and earlier versions (Mac)

The vulnerability can be triggered by opening a malicious PDF file. Zscaler ThreatLabz created a PoC file that will cause the following crash. To reproduce this issue, the following steps can be performed:

Adobe Acrobat Reader DC 64 bits version, Product version: 7.0

In WinDbg, open Executable -> File name: Acrobat.exe -> Arguments: /path/to/poc.pdf, then enable Debug child processes also -> Open. Next, issue the command g in WinDbg multiple times. Adobe Acrobat will cause a crash after a while. The following crash will be produced:

This Use-After-Free (UAF) vulnerability is triggered when Adobe Reader improperly handles the Doc.print() JavaScript API that is filled with specially crafted parameters. In Figure 1, the definition of the JavaScript API Doc.print() is shown.

Figure 1. The definition of the JavaScript API Doc.print()

Figure 2 shows the crafted PoC to trigger this vulnerability. Zscaler ThreatLabz also noticed the same vulnerability can be reproduced by calling the Doc.print() function with no parameters as shown below.

In WinDbg, when the memory access violation happens, the memory address that triggered the exception can be analyzed, along with the stack backtraces. In Figure 3, the register RDX points to a freed memory region. Therefore, when Adobe Acrobat accesses this freed memory region it will cause a Use-After-Free crash.

Figure 3. The comparison between the outputs of command !heap -p -a and kb

The two highlighted parts have the same stack backtraces. The following breakpoint can be set to trace how the memory region is freed and then used again.

    bu Acrobat!AIDE::PixelPartInfo::PixelPartInfo+0xfe2e2e

When the breakpoint is hit, the following output is expected in Figure 4.

Figure 4. Breakpoint at Acrobat!AIDE::PixelPartInfo::PixelPartInfo+0xfe2e2e

At this breakpoint, it calls the function Acrobat!AIDE::PixelPartInfo::PixelPartInfo+0xfe2e2e that is mapped to the function sub_61C26DB0(). Figure 5 shows the code snippet of this function in IDA Pro.

Figure 5. The code snippet of the function sub_61C26DB0()

The following is the control flow that causes the use-after-free vulnerability:

1. The function sub_600A6A40() is used to allocate a memory region with a size of 0x30 bytes.
2. The function sub_60085798() copies the memory region allocated in step 1 to a new memory region, and stores the pointer to the new memory region in an array.
3. Since the variable v7 is 0x17, it calls the API free() to free the new memory region.