Authors: Haifei Li, Guillaume Lovet
This is a PDF-specific exploitation research focusing on the custom heap management on Adobe Reader. When Adobe Reader is processing a PDF file, in most allocation cases, it does not directly use the system’s heap, but maintains its own heap management system on top of the system-level heap management system. This feature provides an easier and reliable way to leverage PDF heap-based vulnerabilities.