Adobe Fixes Acrobat and Reader Flaw With Publicly-Available PoC
#1
Quote:Adobe on Tuesday released three patches – including a fix for a flaw in Adobe Acrobat and Reader that exposes hashed passwords that already has a proof-of-concept (PoC) exploit code publicly available.

The information disclosure vulnerability, CVE-2018-15979, exists in Adobe Acrobat and Reader for Windows and was reported by the EdgeSpot team.

“Successful exploitation could lead to an inadvertent leak of the user’s hashed NTLM password,” said Adobe, in its release. NTLM is the authentication protocol used on networks that include systems running the Windows operating system and on standalone systems.

While no further information about the PoC was revealed, Adobe said the attack allows bad actors to redirect a user to a malicious resource outside their organization to obtain the NTLM authentication messages.

Source: https://threatpost.com/adobe-fixes-acrob...oc/139050/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
K-Lite Codec Pack 19.0.5 / 19.0.7 Update
Changes in 19.0.7 ...harlan4096 — 05:52
AnyDesk 9.5.8 for Windows
AnyDesk 9.5.8 for ...harlan4096 — 05:50
Notepad++ v8.8.3
Notepad++ v8.8.3 s...harlan4096 — 05:49
Intel releases new Arc PRO graphics driv...
Intel’s new GPU dr...harlan4096 — 05:48
Microsoft caused and fixed a WSUS Synchr...
Reports about prob...harlan4096 — 05:47

[-]
Birthdays
Today's Birthdays
avatar (49)WillieVot
Upcoming Birthdays
avatar (45)RidgeDimb
avatar (36)ipumaqar
avatar (50)tanliorsPeri
avatar (42)lapedDow
avatar (48)rituabew
avatar (36)omyjul
avatar (40)papedDow
avatar (49)ArnoldFum
avatar (37)yfaza
avatar (48)Kevensi
avatar (38)boineDon
avatar (39)Grompelbawn
avatar (40)vkseogaF
avatar (36)usogy
avatar (39)ywixazok
avatar (37)ixoqe
avatar (35)pa.OpenTran

[-]
Online Staff
There are no staff members currently online.

>