Acrobat Reader Windows sandbox is affected by critical flaw

  • 30 November 2014

by Pierluigi Paganini on November 30th, 2014
 

A researcher at Google discovered a critical flaw in the Windows Acrobat Reader 11 sandbox that could be exploited to access a system and gain higher privileges.

Google security researcher James Forshaw claims that the Acrobat Reader Windows sandbox is affected by a critical vulnerability that could allow attackers to compromise a system and gain higher privileges.
“The Acrobat Reader Windows sandbox is vulnerable to NTFS junction attack to write an arbitrary file to the filesystem under user permissions. This could be used to break out of the sandbox leading to execution at higher privileges.” states Forshaw in an advisory for version 11.0.8 (10.* not tested).
 
 
http://securityaffairs.co/wordpress/wp-content/uploads/2014/11/Windows-Acrobat-Reader-11-Sandbox-Escape.png
 

1 reply

This being the case, it's obvious a patch will be coming forthwith. However, if Windows Acrobat Reader is being targeted, what other alternative software can one use in its place?
