Adobe released a second patch to address the CVE 2019-7089 flaw in Adobe Reader after an expert found the way to bypass the first fix.

Adobe on Thursday released a second patch to address a critical information disclosure vulnerability in Adobe reader, tracked as CVE 2019-7089, after the expert who initially discovered the flaw devised a method to bypass the first fix.

The vulnerability was discovered by Alex Inführ from Cure53, the expert discovered that the flaw could be exploited by using a specially crafted PDF document to send SMB requests to the attacker’s server when the file is opened.

The expert explained that the flaw is similar to the

CVE-2018-4993 (aka “BadPDF“) that fixed by Adobe in November. The flaw allowed to trigger a callback to an attacker-controlled SMB server and leak the users NTMLv2 hash.

Inführ tested the PoC on Adobe Acrobat Reader DC 19.010.20069 running on Windows OS.

The February 2019 Patch Tuesday updates addressed the vulnerability, but Infuhr immediately discovered that it could be bypassed.

No it does not seem to properly patched as I discovered a bypass. Going to report the bypass to Adobe — alex (@insertScript) February 13, 2019

News of the day is that Adobe released a second patch for the flaw in Adobe Reader and assigned it a new CVE identifier, CVE-2019-7815.

“Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS . These updates address a reported bypass to the fix for CVE-2019-7089 first introduced in 2019.010.20091, 2017.011.30120 and 2015.006.30475 and released on February 12, 2019.” reads the security advisory.

“Successful exploitation could lead to sensitive information disclosure in the context of the current user. ”

Last week, the 0patch experts released a micropatch to address the Adobe Reader flaw.

The good news is that Adobe it’s not aware of any attack exploiting the flaw in-the-wild. Now Adobe assigned the flaw a priority rating of 2, which suggests that exploitation should not be imminent.

Pierluigi Paganini

( SecurityAffairs – Adobe Reader, hacking)

Share this...

Linkedin Reddit Pinterest

Share On