Adobe Acrobat Reader DC Use-After-Free Remote Code Execution Vulnerability

Date: January 12th, 2016
ZDI ID: ZDI-16-010
ZDI CAN: ZDI-CAN-3336
CVE ID: CVE-2016-0941
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Affected Vendor: Adobe
Affected Product: Acrobat Reader DC

Vulnerability Details:
- Allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC.
- User interaction is required to exploit the vulnerability (visit a malicious page or open a malicious file).
- Flaw exists within the Search object, allowing reuse of a dangling pointer.

Protection for Trend Micro Customers:
Protected by Digital Vaccine protection filter ID 21210. More details at: http://www.tippingpoint.com

Additional Details:
Adobe has issued an update. More details at: https://helpx.adobe.com/security/products/acrobat/apsb16-02.html

Disclosure Timeline:
- 2015-10-01: Vulnerability reported to vendor
- 2016-01-12: Coordinated public release of advisory

Credit: AbdulAziz Hariri and Jasiel Spelman - HPE Zero Day Initiative