CVE-2018-4901
Published 2018-02-27
High · 8.8 · CVSS 3.0
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the document identity representation. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | acrobat | 17.0 – 17.011.30070 | — |
| adobe | acrobat_dc | - – 18.009.20050 | — |
| adobe | acrobat_dc | 15.0 – 15.006.30394 | — |
| adobe | acrobat_reader | 17.0 – 17.011.30070 | — |
| adobe | acrobat_reader_dc | - – 18.009.20050 | — |
| adobe | acrobat_reader_dc | 15.0 – 15.006.30394 | — |
No detection rules found.
Talos
Vulnerability Spotlight: Adobe Acrobat Reader DC Document ID Remote Code Execution Vulnerability
blogs_talos·2018-02-23·CVSS 8.8
Discovered by Aleksandar Nikolic of Cisco Talos
### Overview
Today, Talos is releasing details of a new vulnerability within Adobe Acrobat Reader DC. Adobe Acrobat Reader is the most popular and most feature-rich PDF reader. It has a big user base, is usually a default PDF reader on systems and integrates into web browsers as a plugin for rendering PDFs. As such, tricking a user into visiting a malicious web page or sending a specially crafted email attachment can be enough to trigger this vulnerability.
A specific Javascript script embedded in a PDF file can cause the document ID field to be used in an unbounded copy operation leading to stack-based buffer overflow when opening a specially crafted PDF document in Adobe Acrobat Reader DC 2018.009.20044. This stack overflow can lead to ret
Zscaler
Zscaler protects against 22 new vulnerabilities for Adobe Fl
blogs_zscaler