B.E. (with honors) in Computer Science, BITS Pilani, India (August 1999 — June 2003); Bronze Medal (CGPA 9.92/10).

Industry Experience

  • Adobe Systems, Noida (November 2003 — ): I’ve been working as a Principal Scientist with the Adobe Acrobat team. My most recent work has been on the design and implementation of the Reader X Protected Mode (see ASSET posts announcing and describing it).
    Before that, in Acrobat 9, I worked with the team that re-designed the Acrobat WebCapture feature. My tasks included integration of the downloader component to the WebKit engine, synchronizing idle-time events, and some performance-related activities.
    And even before that, I designed and implemented PDFMakers for Microsoft Word 2007 (Acrobat 8.1), IBM Lotus Notes (Acrobat 8), and Microsoft Publisher (Acrobat 7).
  • Wipro Technologies, Bangalore (July 2003 — November 2003): As a Systems Engineer, my responsibilities involved analyzing and fixing defects in the HP/Tandem NonStop kernel. I identified, replicated and fixed a particularly interesting bug that arose due to a subtle race condition in the TCP stack. The task involved debugging MIPS assembly and C code.
  • National Semiconductor, Bangalore (January 2003 — June 2003): As an intern, I developed a collection of Perl scripts and C programs (collectively called The FreeBSD Network Testing Tool) that automated the testing of NIC device drivers on FreeBSD.

Bug Bounties and CVE Acknowledgements

  • I shared the $1000 bounty for reporting a security bug to Google Chrome team and am mentioned in The Chromium Projects Security Hall of Fame.
  • CVE-2015-1627: Internet Explorer Enhanced Protected Mode Sandbox Escape. Fixed in MS15-018.
  • CVE-2015-0078: Win32k Elevation of Privilege Vulnerability. Fixed in MS15-023.
  • Others to be disclosed once fixed!

Honors and Awards

Programming Languages/Technology Experience

  • Most of my work has been in C and C++ (on Windows and Mac), with regular x86-assembly debugging.
  • I have a reasonably good understanding of the PDF format.
  • I have basic knowledge of the HTML markup and JavaScript.
  • For fun, I enjoy programming in Scheme, EMACS LISP, Haskell and Python.

Professional Societies

Member of the Association for Computing Machinery, 2007 –.

Hobbies and Interests

I’m fascinated with design and analysis of algorithms, vulnerability research, sandboxing.


ashutoshmehra at gmail dot com