Vectra Threat Labs discovers vulnerabilities in Adobe Reader and Internet Explorer

Vectra Threat Labs discovers vulnerabilities in Adobe Reader and Internet Explorer

Vectra Threat Labs discovers vulnerabilities in Adobe Reader and Internet Explorer

By:
投稿者:
Vectra
October 14, 2015

Today, Vectra researchers were again credited with discovering critical vulnerabilities that impact the security of Adobe Reader, VBScript, and Internet Explorer.

The vulnerability in Adobe Reader (CVE-2015-6687) is a use-after-free bug that could lead to arbitrary code execution. An analysis of this and other recently patched Adobe vulnerabilities can be found here.

Additionally, researchers found additional critical vulnerabilities (MS15-106 and MS15-108) that allow attackers to bypass Address Space Layout Randomization (ASLR) protections. These vulnerabilities are particularly significant because ASLR protects against memory corruption attacks by making the layout of memory unpredictable. As a result, any vulnerability that bypasses ASLR is highly valuable to attackers.

About the author

Vectra

Vectra® is the world leader in AI-powered network detection and response.

Author profile and blog posts

Most recent blog posts from the same author

Security operations

Chronicle integration: Conduct faster, context-driven investigations into active cyberattacks with Vectra and Chronicle

November 19, 2019
Read blog post
Security operations

Swimlane integration: Automate response and speed remediation with Swimlane and Vectra

November 11, 2019
Read blog post
Security operations

Forescout integration: Gain real-time visibility and automated response

November 4, 2019
Read blog post