Vulnerability ID:
- ZDI-15-466
- ZDI-CAN-2958

CVE ID: CVE-2015-6686

CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Affected Vendor: Adobe

Affected Product: Acrobat Reader DC

Vulnerability Details:
- Allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC.
- Requires user interaction to exploit.
- Specifically, a specially crafted PDF file with a specific combination of fields can force a dangling pointer to be reused after it has been freed, leading to remote code execution.

Additional Details:
Adobe has issued an update to correct this vulnerability. More details can be found at:
- https://helpx.adobe.com/security/products/acrobat/apsb15-24.html

Disclosure Timeline:
- 2015-05-21 - Vulnerability reported to vendor
- 2015-10-13 - Coordinated public release of advisory

Credit: Brian Gorenc - HP Zero Day Initiative