The 2010 Pwnie Nominee For Most Innovative Research

Adobe Reader’s Custom Memory Management: A Heap of Trouble

Authors: Haifei Li, Guillaume Lovet

This is a PDF-specific exploitation¬†research¬†focusing on the custom heap management on Adobe Reader. When Adobe Reader is processing a PDF file, in most allocation cases, it does not directly use the system’s heap, but maintains its own heap management system on top of the system-level heap management system. This feature provides an easier and reliable way to leverage PDF heap-based vulnerabilities.