Pwning Adobe Reader Multiple Times With Malformed Strings

Explore a detailed analysis of exploitable vulnerabilities in Adobe Reader caused by malformed strings in this 49-minute conference talk from the Hack In The Box Security Conference. Delve into four specific vulnerabilities, two leading to information disclosure and two enabling direct code execution. Learn how incorrect implementation of security-enhanced string handling functions can create critical security risks, even in modern software development environments. Gain insights from senior security researcher Ke Liu of Tencent Security Xuanwu Lab, who has discovered nearly 400 vulnerabilities affecting major tech companies. Understand the intricacies of type confusion conditions and how they can be leveraged for code execution in certain circumstances.