
Published on April 15th, 2014

New Vulnerability in Adobe Flash Player Could Allow Remote Code Execution



Adobe has released an updated version, Adobe Reader 11.2.0, to address an important vulnerability that could be exploited to gain remote code execution on the affected system.
According to the Adobe advisory, the vulnerability (CVE-2014-0514) resides in the implementation of JavaScript APIs in Adobe Reader 11.2 and could be exploited to execute arbitrary code within Adobe Reader.
Security researcher Yorick Koster of Securify BV, who discovered the vulnerability, claimed that an attacker can create a specially crafted PDF file containing malicious JavaScript code that triggers when the victim tries to open it using an affected version of Adobe Reader for the Android operating system.
Multiple attack vectors are available for delivering a malicious PDF; for example, cyber criminals can use phishing attacks or Facebook spam to take advantage of such vulnerabilities.
Successful exploitation could allow an attacker to access important files stored on the device's SD card. Researchers also published a crafted PDF file as a proof of concept to demonstrate the vulnerability.
As for exploitation, the specially crafted PDF file would have to contain JavaScript that runs when the targeted user interacts with the PDF file in question. An attacker could use any of the JavaScript objects included in Koster's report to obtain access to the public reflection APIs inherited by those objects. It is these public reflection APIs that the attacker can abuse to run arbitrary code.
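Because the attack depends on a PDF that carries JavaScript and a way to run it, a mail or download gateway can triage documents for those markers before they reach a reader. The following is an added example, not code from Adobe's advisory or Koster's report; the function names and both sample byte strings are constructed for illustration.

```python
import re

# PDF name objects may hex-escape any character as #xx (e.g. /J#53 is /JS),
# so every name is decoded before it is compared.
_NAME = re.compile(rb"/((?:[^\x00\t\n\x0c\r ()<>\[\]{}/%#]|#[0-9A-Fa-f]{2})+)")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")

SCRIPT_NAMES = {b"JS", b"JavaScript"}    # introduce a JavaScript action
TRIGGER_NAMES = {b"OpenAction", b"AA"}   # run an action on open or interaction


def pdf_names(data: bytes):
    """Yield each name object found in the raw bytes, #xx escapes decoded."""
    for m in _NAME.finditer(data):
        yield _HEX.sub(lambda h: bytes([int(h.group(1), 16)]), m.group(1))


def triage(data: bytes) -> dict:
    """Count script and trigger names and return a coarse verdict."""
    counts = {n.decode(): 0 for n in SCRIPT_NAMES | TRIGGER_NAMES}
    names = list(pdf_names(data))
    for name in names:
        if name in SCRIPT_NAMES or name in TRIGGER_NAMES:
            counts[name.decode()] += 1
    has_script = counts["JS"] + counts["JavaScript"] > 0
    has_trigger = counts["OpenAction"] + counts["AA"] > 0
    if has_script and has_trigger:
        verdict = "script-with-trigger"
    elif has_script:
        verdict = "script"
    else:
        verdict = "no-script-found"
    # Names inside compressed object streams are invisible to a raw scan, so
    # an /ObjStm means "no-script-found" is not a clean bill of health.
    return {"counts": counts, "verdict": verdict,
            "has_objstm": b"ObjStm" in names}


# Constructed samples (not real documents): a plain catalog, and one whose
# action names are hex-escaped so a plain substring search misses them.
BENIGN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SCRIPTED = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Open#41ction 3 0 R >>\n"
            b"endobj\n3 0 obj\n<< /S /Java#53cript /J#53 (placeholder) >>\n"
            b"endobj\n")

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("scripted", SCRIPTED)):
        print(label, triage(sample))
```

A `script-with-trigger` verdict is a reason to quarantine or strip the document, not proof of exploitation; legitimate forms also use JavaScript.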




