Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Adobe to ensure that these issues are resolved and that an update is available for affected customers.
Vulnerability details
Adobe Acrobat Reader DC JavaScript gotoNamedDest information leak vulnerability (TALOS-2019-0947/CVE-2019-16463)A specific JavaScript code embedded in a PDF file can lead to an information leak when opening a PDF document in Adobe Acrobat Reader DC, version 2019.021.20048. With careful memory manipulation, this can lead to sensitive information being disclosed, which could be abused when exploiting another vulnerability to bypass mitigations. In order to trigger this vulnerability, the victim would need to open the malicious file or access a malicious web page.
Read the complete vulnerability advisory here for additional information.
Versions tested
Talos tested and confirmed that Adobe Acrobat Reader DC, version 2019.021.20048 is affected by this vulnerability.Coverage
The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.Snort Rules: 52097, 52098
Article Link: http://feedproxy.google.com/~r/feedburner/Talos/~3/7dUfFs_npZ8/vuln-spotlight-Adobe-Acrobat-JS-leak.html