homepage
Open menu
Contact Sales

A Journey of Vulnerability Hunting in a Third-Party Plugin in Adobe Acrobat Through Fuzzing

  • Thursday, 01 Jun 2023 3:30PM EDT (01 Jun 2023 19:30 UTC)
  • Speaker: Kai Lu, Zscaler

In today’s cybersecurity landscape, zero-day vulnerabilities pose significant threats to software applications, and their discovery is crucial for effective mitigations. Join us in this webinar as we will share our journey in uncovering vulnerabilities in Adobe Acrobat and Foxit PDF Editor, the two most widely used PDF processing applications.

• Develop a custom harness to fuzz the Solid Framework, a third-party library used by Adobe Acrobat and Foxit PDF Editor for PDF document to Microsoft Office document file conversion.

• Discovered and reported 16 vulnerabilities to date, including six cases in Adobe Acrobat and ten cases in Foxit PDF Editor, with all cases fixed.

• Notably, five of these vulnerabilities impacted both Adobe Acrobat and Foxit PDF Editor, highlighting the potential ripple effects of vulnerabilities in third-party libraries.

• Share insights into our vulnerability-hunting journey, including the techniques used, and the impact of our discoveries.

• Discuss the ethical considerations in vulnerability hunting and responsible disclosure practices.

• Educate software developers about the risks that third-party and open-source libraries pose when used without a thorough security code audit via fuzzing.

Join us to learn from our experiences and gain valuable insights into uncovering vulnerabilities in PDF processing applications. Don’t miss out on the opportunity to enable your knowledge of vulnerability hunting and responsible disclosure practices.

Login to Register
SPONSORSHIP_2023_Analyst_-_Custom_Webcast.jpg

Thank You to our Sponsor

Zscaler_BrandAssets_LogoLockup_Blue.png

Related Content

Blog
NIS2_-_Blog_-_Beyond_Compliance-_Leveraging_NIS2_for_Enhanced_Cyber_Resilience_and_Leadership_Accountability_340_x_340.jpg
Cybersecurity Leadership
Beyond Compliance: Leveraging NIS2 for Enhanced Cyber Resilience and Leadership Accountability
To meet NIS2 risk assessment standards, organizations have multiple steps laid out ahead of them.
370x370_James-Tarala.jpg
James Tarala
read more
Blog
Quest_to_Summit_340x340.png
Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting
The Quest to Summit | SANS ICS Security Summit 2024
Register for the ICS Security Summit to be able to participate in The Quest to Summit and win big prizes.
370x370_Tim-Conway.jpg
Tim Conway
read more
Blog
N2C_blog_image.png
Security Awareness, Cybersecurity Leadership, Cloud Security, Open-Source Intelligence (OSINT), Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting, Cybersecurity and IT Essentials, Cyber Defense, Offensive Operations, Pen Testing, and Red Teaming, CyberLive, Workforce Development, Career Development, Why Certify, Imposter Syndrome, NetWars, Mentorship, Job Hunting, Operating System & Device In-Depth, Artificial Intelligence (AI)
A Visual Summary of SANS New2Cyber Summit 2024
Check out these graphic recordings created in real-time throughout the event for SANS New2Cyber Summit 2024
370x370-person-placeholder.png
Alison Kim
read more