ZDI-24-492: Adobe Acrobat Pro DC AcroForm Annotation Out-Of-Bounds Read Remote Code Execution Vulnerability

Read Time:18 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-30280.

vaultwarden-1.32.7-1.fc41

FEDORA-2025-0abee701c3 Packages in this update: vaultwarden-1.32.7-1.fc41 Update description: update to 1.32.7 Read More

January 15, 2025

freeipa-4.12.2-3.fc40

FEDORA-2025-6baf694c75 Packages in this update: freeipa-4.12.2-3.fc40 Update description: CVE-2024-11029 Release note: https://www.freeipa.org/release-notes/4-12-3.html Read More

January 15, 2025

freeipa-4.12.2-7.fc41

FEDORA-2025-b21777d1b5 Packages in this update: freeipa-4.12.2-7.fc41 Update description: CVE-2024-11029 Release note: https://www.freeipa.org/release-notes/4-12-3.html Read More

January 15, 2025

ZDI-25-030: Microsoft Office Word DOCX File Parsing Uninitialized Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required...

January 15, 2025

ZDI-25-029: Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the...

January 15, 2025

ZDI-25-028: Microsoft Office Word RTF File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required...

January 15, 2025

Multi-Cloud Adoption Surges Amid Rising Security Concerns

Chinese PlugX Malware Deleted in Global Law Enforcement Operation

Illicit Crypto-Inflows Set to Top $51bn in a Year

Phishing False Alarm

Fortinet Confirms Critical Zero-Day Vulnerability in Firewalls

Secureworks Exposes North Korean Links to Fraudulent Crowdfunding

Microsoft Patches Eight Zero-Days to Start the Year

Microsoft: Happy 2025. Here’s 161 Security Updates

Upcoming Speaking Engagements

ZDI-24-492: Adobe Acrobat Pro DC AcroForm Annotation Out-Of-Bounds Read Remote Code Execution Vulnerability

vaultwarden-1.32.7-1.fc41

freeipa-4.12.2-3.fc40

freeipa-4.12.2-7.fc41

ZDI-25-030: Microsoft Office Word DOCX File Parsing Uninitialized Pointer Remote Code Execution Vulnerability

ZDI-25-029: Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability

ZDI-25-028: Microsoft Office Word RTF File Parsing Memory Corruption Remote Code Execution Vulnerability