Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 15, 2023Severity High Analysis Summary According to researchers, a Golang-based botnet named GoBruteforcer has been discovered, which is specifically targeting web servers running FTP, MySQL, phpMyAdmin, and […]March 15, 2023Severity High Analysis Summary DarkComet RAT (Remote Administration Tool) is a type of malware that is designed to allow attackers to gain remote access to a […]March 15, 2023Severity High Analysis Summary CVE-2023-23410 CVSS:7.8 Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 15, 2023Severity High Analysis Summary According to researchers, a Golang-based botnet named GoBruteforcer has been discovered, which is specifically targeting web servers running FTP, MySQL, phpMyAdmin, and […]March 15, 2023Severity High Analysis Summary DarkComet RAT (Remote Administration Tool) is a type of malware that is designed to allow attackers to gain remote access to a […]March 15, 2023Severity High Analysis Summary CVE-2023-23410 CVSS:7.8 Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – Malspam campaign dropping LokiBot Malware
January 4, 2019Rewterz Threat Alert – Major US-based bank employees phished with Custom Web Fonts meant to Evade Detection
January 7, 2019
SEVERITY: Medium
CATEGORY: Vulnerability
ANALYSIS SUMMARY
Adobe Reader and Adobe Acrobat are vulnerable to multiple flaws which when exploited by people with malicious intent may lead to bypassing of certain security restrictions and compromising a vulnerable system.
1) A use-after-free error can be exploited to corrupt memory and subsequently execute arbitrary code.
2) An unspecified error can be exploited to gain otherwise restricted privileges.
Impact
System Access, Security bypass, code execution
Affected Products
- Acrobat DC versions 2019.010.20064 and prior running on Windows and macOS
- Acrobat Reader DC versions 2019.010.20064 and prior running on Windows and macOS
- Acrobat 2017 versions 2017.011.30110 and prior running on Windows and macOS
- Acrobat Reader DC 2017 versions 2017.011.30110 and prior running on Windows and macOS
- Acrobat DC (Classic 2015) versions 2015.006.30461 and prior running on Windows and and macOS
- Acrobat Reader DC (Classic 2015) versions 2015.006.30461 and prior running on Windows and macOS
Remediation
Update to a fixed version if available.
- Acrobat DC / Acrobat Reader DC 2019 running on Windows and macOS:
Update to version 2019.010.20069.
- Acrobat 2017 / Acrobat Reader DC 2017 running on Windows and macOS:
Update to version 2017.011.30113.
- Acrobat DC / Acrobat Reader DC (Classic 2015) running on Windows and macOS:
Update to version 2015.006.30464.