| This vulnerability is an instance of a use after free vulnerability in the JavaScript engine. The vulnerability is triggered by a crafted JavaScript embedded in a PDF file that invokes a sequence of event methods related to keyword focus. It triggers access violation exception because of a dangling reference left as a consequence of freeing an object. A constraint for exploitation of this vulnerability is that the memory area of the freed (i.e., old) object is reused by another object. The mismatch between the old and the new object can provide attacker with an unintended memory access -- potentially leading to code corruption, control-flow hijack, or information leak attack. Successful exploitation could lead to arbitrary code execution. |
