I am impressed by your exploit, it is great. I am learn from it. And I have some questions.

I noticed that you have some useful symbol information in your blog, such as the crash point, AcroForm!CAgg::operator[](unsigned short). I found that symbol CAgg is not exist in the release version executable of the software.

How did you get these symbols? Did you get a version of the software with symbols? Or did you reverse the application and get the symbols by yourself?

Thanks very much.

Hi @xupeng1231 the symbols mentioned might not be 100% accurate. We ported it from the solaris build of Adobe.