Multiple vulnerabilities in Adobe Reader and Acrobat



Risk High
Patch available YES
Number of vulnerabilities 41
CVE-ID CVE-2018-4872
CVE-2018-4890
CVE-2018-4904
CVE-2018-4910
CVE-2018-4917
CVE-2018-4888
CVE-2018-4892
CVE-2018-4902
CVE-2018-4911
CVE-2018-4913
CVE-2018-4879
CVE-2018-4895
CVE-2018-4898
CVE-2018-4901
CVE-2018-4915
CVE-2018-4916
CVE-2018-4918
CVE-2018-4880
CVE-2018-4881
CVE-2018-4882
CVE-2018-4883
CVE-2018-4884
CVE-2018-4885
CVE-2018-4886
CVE-2018-4887
CVE-2018-4889
CVE-2018-4891
CVE-2018-4893
CVE-2018-4894
CVE-2018-4896
CVE-2018-4897
CVE-2018-4899
CVE-2018-4900
CVE-2018-4903
CVE-2018-4905
CVE-2018-4906
CVE-2018-4907
CVE-2018-4908
CVE-2018-4909
CVE-2018-4912
CVE-2018-4914
CWE-ID CWE-264
CWE-122
CWE-416
CWE-787
CWE-125
Exploitation vector Network
Public exploit N/A
Vulnerable software
Adobe Acrobat
Client/Desktop applications / Office applications

Adobe Reader
Client/Desktop applications / Office applications

Vendor Adobe

Security Bulletin

This security bulletin contains information about 41 vulnerabilities.

1) Privilege escalation

EUVDB-ID: #VU10490

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4872

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to improper privileges and access controls. A remote attacker can trick the victim into opening a specially crafted .pdf file, bypass security restrictions and execute arbitrary code with root or system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Heap-based buffer overflow

EUVDB-ID: #VU10472

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4890

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Heap-based buffer overflow

EUVDB-ID: #VU10473

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4904

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Heap-based buffer overflow

EUVDB-ID: #VU10474

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4910

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Heap-based buffer overflow

EUVDB-ID: #VU10475

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4917

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free error

EUVDB-ID: #VU10476

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4888

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free error

EUVDB-ID: #VU10477

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4892

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free error

EUVDB-ID: #VU10478

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4902

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use-after-free error

EUVDB-ID: #VU10479

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4911

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free error

EUVDB-ID: #VU10480

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4913

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Out-of-bounds write

EUVDB-ID: #VU10481

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4879

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds write

EUVDB-ID: #VU10482

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4895

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds write

EUVDB-ID: #VU10483

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4898

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Out-of-bounds write

EUVDB-ID: #VU10484

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4901

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Out-of-bounds write

EUVDB-ID: #VU10485

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4915

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Out-of-bounds write

EUVDB-ID: #VU10486

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4916

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Out-of-bounds write

EUVDB-ID: #VU10512

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4918

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Out-of-bounds read

EUVDB-ID: #VU10487

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4880

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Out-of-bounds read

EUVDB-ID: #VU10488

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4881

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Out-of-bounds read

EUVDB-ID: #VU10489

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4882

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Out-of-bounds read

EUVDB-ID: #VU10491

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4883

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Out-of-bounds read

EUVDB-ID: #VU10492

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4884

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Out-of-bounds read

EUVDB-ID: #VU10493

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4885

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Out-of-bounds read

EUVDB-ID: #VU10494

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4886

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Out-of-bounds read

EUVDB-ID: #VU10495

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4887

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Out-of-bounds read

EUVDB-ID: #VU10496

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4889

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read when handling an embedded JPEG image in an XPS document within XPS component. A remote attacker can trick the victim into opening a specially crafted file and cause the application to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Out-of-bounds read

EUVDB-ID: #VU10497

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4891

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Out-of-bounds read

EUVDB-ID: #VU10498

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4893

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Out-of-bounds read

EUVDB-ID: #VU10499

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4894

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Out-of-bounds read

EUVDB-ID: #VU10500

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4896

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Out-of-bounds read

EUVDB-ID: #VU10501

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4897

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Out-of-bounds read

EUVDB-ID: #VU10502

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4899

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Out-of-bounds read

EUVDB-ID: #VU10503

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4900

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Out-of-bounds read

EUVDB-ID: #VU10504

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4903

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Out-of-bounds read

EUVDB-ID: #VU10505

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4905

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Out-of-bounds read

EUVDB-ID: #VU10506

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4906

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Out-of-bounds read

EUVDB-ID: #VU10507

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4907

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Out-of-bounds read

EUVDB-ID: #VU10508

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4908

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Out-of-bounds read

EUVDB-ID: #VU10509

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4909

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Out-of-bounds read

EUVDB-ID: #VU10510

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4912

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Out-of-bounds read

EUVDB-ID: #VU10511

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4914

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and cause the application to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Adobe Acrobat: 15.006.30394 - 18.009.20050

Adobe Reader: 2015.006.30394 - 2018.009.20050

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-02.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###