0patching Stream Object Remote Code Execution in Acrobat Reader DC (CVE-2017-11254)



This video demonstrates micropatching of CVE-2017-11254, a use-after-free bug in Acrobat Reader DC that gets exploited by opening a malicious PDF. First, the malicious PDF is opened with 0patch Agent disabled, which means that our patch doesn’t get applied. As expected, Reader crashes. Then, we enable 0patch Agent and repeat the test. This time, Reader doesn’t crash, because the vulnerable code has been fixed in memory before it is executed.

Interested in micro-hot-patching? Head over to https://0patch.com, create a free account and start using 0patch. (If you want to create your own micropatches, make sure to download 0patch Agent for Developers.)

