SB2018021308 - Multiple vulnerabilities in Adobe Reader and Acrobat
Published: February 13, 2018
Description
This security bulletin contains information about 41 security vulnerabilities.
1) Privilege escalation (CVE-ID: CVE-2018-4872)
The vulnerability allows a remote attacker to gain elevated privileges on the target system. The weakness exists due to improper privileges and access controls. A remote attacker can trick the victim into opening a specially crafted .pdf file, bypass security restrictions and execute arbitrary code with root or system privileges.
Successful exploitation of the vulnerability may result in system compromise.
2) Heap-based buffer overflow (CVE-ID: CVE-2018-4890)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
3) Heap-based buffer overflow (CVE-ID: CVE-2018-4904)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
4) Heap-based buffer overflow (CVE-ID: CVE-2018-4910)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
5) Heap-based buffer overflow (CVE-ID: CVE-2018-4917)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
6) Use-after-free error (CVE-ID: CVE-2018-4888)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
7) Use-after-free error (CVE-ID: CVE-2018-4892)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
8) Use-after-free error (CVE-ID: CVE-2018-4902)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
9) Use-after-free error (CVE-ID: CVE-2018-4911)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
10) Use-after-free error (CVE-ID: CVE-2018-4913)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
11) Out-of-bounds write (CVE-ID: CVE-2018-4879)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to an out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
12) Out-of-bounds write (CVE-ID: CVE-2018-4895)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to an out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
13) Out-of-bounds write (CVE-ID: CVE-2018-4898)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to an out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
14) Out-of-bounds write (CVE-ID: CVE-2018-4901)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to an out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
15) Out-of-bounds write (CVE-ID: CVE-2018-4915)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to an out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
16) Out-of-bounds write (CVE-ID: CVE-2018-4916)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to an out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
17) Out-of-bounds write (CVE-ID: CVE-2018-4918)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to an out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
18) Out-of-bounds read (CVE-ID: CVE-2018-4880)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to an out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.
19) Out-of-bounds read (CVE-ID: CVE-2018-4881)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to an out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.
20) Out-of-bounds read (CVE-ID: CVE-2018-4882)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to an out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.
21) Out-of-bounds read (CVE-ID: CVE-2018-4883)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to an out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.
22) Out-of-bounds read (CVE-ID: CVE-2018-4884)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to an out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.
23) Out-of-bounds read (CVE-ID: CVE-2018-4885)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to an out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.
24) Out-of-bounds read (CVE-ID: CVE-2018-4886)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to an out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.
25) Out-of-bounds read (CVE-ID: CVE-2018-4887)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to an out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.
26) Out-of-bounds read (CVE-ID: CVE-2018-4889)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to an out-of-bounds read when handling an embedded JPEG image in an XPS document within the XPS component. A remote attacker can trick the victim into opening a specially crafted file and cause the application to crash.
27) Out-of-bounds read (CVE-ID: CVE-2018-4891)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to an out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.
28) Out-of-bounds read (CVE-ID: CVE-2018-4893)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to an out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.
29) Out-of-bounds read (CVE-ID: CVE-2018-4894)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to an out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.
30) Out-of-bounds read (CVE-ID: CVE-2018-4896)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to an out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.
31) Out-of-bounds read (CVE-ID: CVE-2018-4897)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to an out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.
32) Out-of-bounds read (CVE-ID: CVE-2018-4899)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to an out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.
33) Out-of-bounds read (CVE-ID: CVE-2018-4900)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to an out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.
34) Out-of-bounds read (CVE-ID: CVE-2018-4903)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to an out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.
35) Out-of-bounds read (CVE-ID: CVE-2018-4905)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to an out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.
36) Out-of-bounds read (CVE-ID: CVE-2018-4906)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to an out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.
37) Out-of-bounds read (CVE-ID: CVE-2018-4907)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to an out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.
38) Out-of-bounds read (CVE-ID: CVE-2018-4908)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to an out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.
39) Out-of-bounds read (CVE-ID: CVE-2018-4909)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to an out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.
40) Out-of-bounds read (CVE-ID: CVE-2018-4912)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to an out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.
41) Out-of-bounds read (CVE-ID: CVE-2018-4914)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to an out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.
Remediation
Install the update from the vendor's website.