A hacker has published an extensive list of Adobe Reader and Windows vulnerabilities based on his research into a relatively obscure area of font management.
Google Project Zero hacker Mateusz Jurczyk found a total of 15 vulnerabilities, any of which could trigger remote code execution or privilege escalation in Adobe Reader or the Windows kernel. However, the two worst (detailed as CVE-2015-3052 for 32-bit and CVE-2015-0093 for 64-bit) exist in the Adobe Type Manager Font Driver, which has existed in the Windows kernel since Windows NT 4.
Leave a reply
