Blog - article

Sorry, this blog post has not been posted yet. Come back and check again later!

Vectra Threat Labs discovers vulnerabilities in Adobe Reader and Internet Explorer

By:
Chris Morales
October 14, 2015

Today, Vectra researchers were again credited with discovering critical vulnerabilities that impact the security of Adobe Reader, VBScript, and Internet Explorer.

The vulnerability in Adobe Reader (CVE-2015-6687) is a use-after-free bug that could lead to arbitrary code execution. An analysis of this and other recently patched Adobe vulnerabilities can be found here.

Additionally, researchers found additional critical vulnerabilities (MS15-106 and MS15-108) that allow attackers to bypass Address Space Layout Randomization (ASLR) protections. These vulnerabilities are particularly significant because ASLR protects against memory corruption attacks by making the layout of memory unpredictable. As a result, any vulnerability that bypasses ASLR is highly valuable to attackers.

About the author

Chris Morales

Christopher Morales is Head of Security Analytics at Vectra, where he advises and designs incident response and threat management programs for Fortune 500 enterprise clients. He has nearly two decades of information security experience in an array of cybersecurity consulting, sales, and research roles. Christopher is a widely respected expert on cybersecurity issues and technologies and has researched, written and presented numerous information security architecture programs and processes.

Author profile and blog posts

Most recent blog posts from the same author

Security operations

Vectra is positioned as the sole visionary in the 2018 Gartner Magic Quadrant for IDPS

January 12, 2018
Read blog post
Cybersecurity

BGP hijackers: “This traffic is going to Russia!”

December 14, 2017
Read blog post
Cybersecurity

An analysis of the Shamoon 2 malware attack

February 7, 2017
Read blog post