A Journey of Vulnerability Hunting in a Third-Party Plugin in Adobe Acrobat Through Fuzzing

  • Thursday, 01 Jun 2023 3:30PM EDT (01 Jun 2023 19:30 UTC)
  • Speaker: Kai Lu, Zscaler

In today’s cybersecurity landscape, zero-day vulnerabilities pose significant threats to software applications, and their discovery is crucial for effective mitigations. Join us in this webinar as we will share our journey in uncovering vulnerabilities in Adobe Acrobat and Foxit PDF Editor, the two most widely used PDF processing applications.

• Develop a custom harness to fuzz the Solid Framework, a third-party library used by Adobe Acrobat and Foxit PDF Editor for PDF document to Microsoft Office document file conversion.

• Discovered and reported 16 vulnerabilities to date, including six cases in Adobe Acrobat and ten cases in Foxit PDF Editor, with all cases fixed.

• Notably, five of these vulnerabilities impacted both Adobe Acrobat and Foxit PDF Editor, highlighting the potential ripple effects of vulnerabilities in third-party libraries.

• Share insights into our vulnerability-hunting journey, including the techniques used, and the impact of our discoveries.

• Discuss the ethical considerations in vulnerability hunting and responsible disclosure practices.

• Educate software developers about the risks that third-party and open-source libraries pose when used without a thorough security code audit via fuzzing.

Join us to learn from our experiences and gain valuable insights into uncovering vulnerabilities in PDF processing applications. Don’t miss out on the opportunity to enable your knowledge of vulnerability hunting and responsible disclosure practices.


Thank You to our Sponsor