Discovered by Aleksandar Nikolic of Cisco Talos
Talos is disclosing TALOS-2016-0259 / CVE-2017-2791 an uninitialized memory vulnerability in Adobe Acrobat Reader DC. Adobe Acrobat Reader is one of the largest and well known PDF readers available today.
This particular vulnerability is associated with the JPEG Decoder functionality embedded in the application. A specially crafted PDF document containing a JPEG can be used to trigger this vulnerability which results in a heap-based buffer overflow which can be leveraged to achieve remote code execution. This issue has been resolved in the most recent patch provided by Adobe. The full details surrounding the vulnerability are available here.
The following Snort Rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your FireSIGHT Management Center or Snort.org.
Snort Rule: 41298 – 41305