| This vulnerability is an instance of a use after free vulnerability in the JavaScript engine. The vulnerability is triggered by a crafted JavaScript embedded within PDF file. It triggers access violation exception because of a dangling reference left as a consequence of freeing an object as consequence of mutually recursive JavaScript API notification events. A constraint for exploitation of this vulnerability is that the memory area of the freed (i.e., old) object is reused by another object. The mismatch between the old and the new object can provide attacker with an unintended memory access -- potentially leading to code corruption, control-flow hijack, or information leak attack. Successful exploitation could lead to arbitrary code execution. |
