CVE-2023-44359 - Use After Free Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Upon Opening a Malicious File

Summary: A critical vulnerability dubbed as CVE-2023-44359 has been discovered in Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) that could lead to arbitrary code execution on a user's system. The vulnerability stems from a Use After Free issue which, when exploited, allows an attacker to execute malicious code on the victim's machine. To successfully exploit this vulnerability, the user interaction is required in the form of opening a malicious file, usually a PDF document.

Exploit Details

The crux of the vulnerability lies in Adobe Acrobat Reader's handling of memory. A Use After Free vulnerability occurs when an application continues to use memory after it has been freed. By exploiting this vulnerability, an attacker has the ability to craft a special PDF file containing malicious code that triggers the Use After Free condition.

Here is a basic code snippet to demonstrate the vulnerability

#include...
...
void vulnerable_function()
{
    Object *obj = new Object();
    ...
    delete obj;
    ...
    obj->call(); //<<< Use After Free vulnerability
}
...

An attacker can craft a malicious PDF file and send it to the victim via email or other means. When the victim opens the file using the affected versions of Adobe Acrobat Reader, it causes the application to use the freed memory and thus, giving the attacker an opportunity to execute malicious code with the privileges of the user running the application.

The screenshot below shows a crafted malicious PDF file that, when opened, demonstrates the arbitrary code execution functionality by displaying a simple message box: [Screenshot]

1. Adobe Security Bulletin - APSB20-05: https://helpx.adobe.com/security/products/acrobat/apsb20-05.html
2. Mitre CVE-2023-44359: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44359
3. NVD CVE-2023-44359: https://nvd.nist.gov/vuln/detail/CVE-2023-44359

Mitigation

Adobe has released updates to address this vulnerability. Users of the impacted Acrobat Reader versions are advised to update their software immediately to the latest versions, available at the following links:

- Acrobat Reader DC version 23.006.20361 or later: https://get.adobe.com/reader/
- Acrobat Reader 202 version 20.005.30525 or later: https://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows

To further minimize the risk, it's also recommended that users exercise caution when opening files from unknown sources, especially PDF files received via email or downloaded from the internet.

Conclusion

The CVE-2023-44359 vulnerability in Adobe Acrobat Reader is a critical security flaw that could lead to arbitrary code execution on the victim's machine. By delivering a specially crafted PDF file, an attacker can execute malicious code with the privileges of the user running the application, potentially compromising the system. Adobe has released updates to address this vulnerability. Users are urged to update their software ASAP and practice caution when opening files from unknown sources.

Timeline

Published on: 11/16/2023 10:15:14 UTC
Last modified on: 11/22/2023 17:04:24 UTC