Vulnerability Hunting in a Third-Party Plugin in Adobe Acrobat Through Fuzzing

Presented by

Kai Lu, Principal Security Researcher at Zscaler

About this talk

In today’s cybersecurity landscape, zero-day vulnerabilities pose significant threats to software applications, and their discovery is crucial for effective mitigation. Join us in this webinar as we share our journey in uncovering vulnerabilities in Adobe Acrobat and Foxit PDF Editor, the two most widely used PDF processing applications.

• We developed a custom harness to fuzz the Solid Framework, a third-party library used by Adobe Acrobat and Foxit PDF Editor to convert PDF documents into Microsoft Office document files.
• We discovered and reported 16 vulnerabilities to date, six in Adobe Acrobat and ten in Foxit PDF Editor, all of which have been fixed.
• Notably, five of these vulnerabilities affected both Adobe Acrobat and Foxit PDF Editor, highlighting the ripple effect a vulnerability in a third-party library can have across the products that embed it.
• We will share insights into our vulnerability-hunting journey, including the techniques used and the impact of our discoveries.
• We will discuss the ethical considerations in vulnerability hunting and responsible disclosure practices.
• We will educate software developers about the risks that third-party and open-source libraries pose when used without a thorough security code audit via fuzzing.

Join us to learn from our experiences and gain valuable insights into uncovering vulnerabilities in PDF processing applications. Don’t miss this opportunity to expand your knowledge of vulnerability hunting and responsible disclosure practices.
