Adobe Reader's Custom Memory Management: a Heap of Trouble

This is a PDF-specific exploitation research focusing on the custom heap management on Adobe Reader. When Adobe Reader is processing a PDF file, in most allocation cases, it does not directly use the system's heap, but maintains its own heap management system on top of the system-level heap management system. This feature provides an easier and reliable way to leverage PDF heap-based vulnerabilities.


This is a PDF-specific exploitation research focusing on the custom heap management on Adobe Reader. When Adobe Reader is processing a PDF file, in most allocation cases, it does not directly use the system's heap, but maintains its own heap management system on top of the system-level heap management system. This feature provides an easier and reliable way to leverage PDF heap-based vulnerabilities.

References

BlackHat Europe 2010