Multiple vulnerabilities in Adobe Reader and Acrobat



Published: 2018-05-15 | Updated: 2018-07-17
Risk: Critical
Patch available: YES
Number of vulnerabilities: 49
CVE-ID: CVE-2018-4990, CVE-2018-4947, CVE-2018-4948, CVE-2018-4966, CVE-2018-4968, CVE-2018-4978, CVE-2018-4982, CVE-2018-4984, CVE-2018-4952, CVE-2018-4954, CVE-2018-4958, CVE-2018-4959, CVE-2018-4961, CVE-2018-4971, CVE-2018-4974, CVE-2018-4977, CVE-2018-4980, CVE-2018-4983, CVE-2018-4988, CVE-2018-4989, CVE-2018-4950, CVE-2018-4979, CVE-2018-4949, CVE-2018-4951, CVE-2018-4955, CVE-2018-4956, CVE-2018-4957, CVE-2018-4960, CVE-2018-4962, CVE-2018-4963, CVE-2018-4964, CVE-2018-4967, CVE-2018-4969, CVE-2018-4970, CVE-2018-4972, CVE-2018-4973, CVE-2018-4975, CVE-2018-4976, CVE-2018-4981, CVE-2018-4986, CVE-2018-4985, CVE-2018-4953, CVE-2018-4987, CVE-2018-4965, CVE-2018-4993, CVE-2018-4996, CVE-2018-4995, CVE-2018-12812, CVE-2018-12815
CWE-ID: CWE-415, CWE-122, CWE-416, CWE-787, CWE-200, CWE-125, CWE-843, CWE-822, CWE-119, CWE-20
Exploitation vector: Network
Public exploit: Vulnerability #1 is being exploited in the wild. Public exploit code for vulnerability #41 is available. Vulnerability #45 is being exploited in the wild.
Vulnerable software:
Adobe Reader (Client/Desktop applications / Office applications)
Adobe Acrobat (Client/Desktop applications / Office applications)
Vendor: Adobe

Security Bulletin

This security bulletin contains information about 49 vulnerabilities.

Updated on 15.05.2018. Added information about in-the-wild exploitation of CVE-2018-4990. Raised severity level to Critical.

1) Double free memory error

EUVDB-ID: #VU12659

Risk: Critical

CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2018-4990

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a double free memory error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Note: the vulnerability was exploited in the wild in March 2018 along with an exploit for SB2018050813.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

2) Heap-based buffer overflow

EUVDB-ID: #VU12662

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4947

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Heap-based buffer overflow

EUVDB-ID: #VU12663

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4948

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Heap-based buffer overflow

EUVDB-ID: #VU12664

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4966

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Heap-based buffer overflow

EUVDB-ID: #VU12665

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4968

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Heap-based buffer overflow

EUVDB-ID: #VU12666

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4978

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Heap-based buffer overflow

EUVDB-ID: #VU12667

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4982

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Heap-based buffer overflow

EUVDB-ID: #VU12668

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4984

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use-after-free error

EUVDB-ID: #VU12673

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4952

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free error

EUVDB-ID: #VU12674

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4954

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free error

EUVDB-ID: #VU12675

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4958

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free error

EUVDB-ID: #VU12676

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4959

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free error

EUVDB-ID: #VU12677

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4961

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free error

EUVDB-ID: #VU12678

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4971

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use-after-free error

EUVDB-ID: #VU12679

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4974

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use-after-free error

EUVDB-ID: #VU12680

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4977

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free error

EUVDB-ID: #VU12681

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4980

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use-after-free error

EUVDB-ID: #VU12682

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4983

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Use-after-free error

EUVDB-ID: #VU12683

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4988

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free error

EUVDB-ID: #VU12684

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4989

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Out-of-bounds write

EUVDB-ID: #VU12669

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4950

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Information disclosure

EUVDB-ID: #VU12687

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4979

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to improper access controls. A remote attacker can trick the victim into opening a specially crafted .pdf file, bypass security restrictions and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Out-of-bounds read

EUVDB-ID: #VU12690

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4949

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Out-of-bounds read

EUVDB-ID: #VU12691

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4951

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Out-of-bounds read

EUVDB-ID: #VU12692

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4955

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Out-of-bounds read

EUVDB-ID: #VU12693

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4956

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Out-of-bounds read

EUVDB-ID: #VU12694

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4957

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Out-of-bounds read

EUVDB-ID: #VU12695

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4960

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Out-of-bounds read

EUVDB-ID: #VU12696

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4962

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Out-of-bounds read

EUVDB-ID: #VU12697

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4963

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Out-of-bounds read

EUVDB-ID: #VU12698

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4964

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Out-of-bounds read

EUVDB-ID: #VU12699

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4967

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Out-of-bounds read

EUVDB-ID: #VU12700

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4969

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Out-of-bounds read

EUVDB-ID: #VU12701

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4970

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Out-of-bounds read

EUVDB-ID: #VU12702

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4972

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Out-of-bounds read

EUVDB-ID: #VU12703

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4973

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Out-of-bounds read

EUVDB-ID: #VU12704

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4975

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Out-of-bounds read

EUVDB-ID: #VU12705

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4976

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Out-of-bounds read

EUVDB-ID: #VU12706

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4981

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Out-of-bounds read

EUVDB-ID: #VU12708

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4986

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Out-of-bounds read

EUVDB-ID: #VU12707

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-4985

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

42) Type confusion

EUVDB-ID: #VU12670

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4953

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to type confusion when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Untrusted pointer dereference

EUVDB-ID: #VU12672

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4987

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to untrusted pointer dereference when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Memory corruption

EUVDB-ID: #VU12688

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4965

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to boundary error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Information disclosure

EUVDB-ID: #VU12689

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C]

CVE-ID: CVE-2018-4993

CWE-ID: CWE-200 - Information exposure

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to NTLM SSO hash theft when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

46) Use-after-free error

EUVDB-ID: #VU12740

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4996

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Acrobat: 15.006.30306 - 18.011.20038

Adobe Reader: 2015.006.30306 - 2018.011.20038

External links

http://helpx.adobe.com/security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Security restrictions bypass

EUVDB-ID: #VU12739

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4995

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to HTTP POST new line injection via XFA submission. A remote attacker can trick the victim into opening a specially crafted .pdf file, bypass security restrictions and conduct further attacks.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Acrobat: 15.006.30306 - 18.011.20038

Adobe Reader: 2015.006.30306 - 2018.011.20038

External links

http://helpx.adobe.com/security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Type confusion

EUVDB-ID: #VU13893

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-12812

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to type confusion when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Acrobat: 15.006.30306 - 18.011.20038

Adobe Reader: 2015.006.30306 - 2018.011.20038

External links

http://helpx.adobe.com/security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Heap-based buffer overflow

EUVDB-ID: #VU13895

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-12815

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Acrobat: 15.006.30306 - 18.011.20038

Adobe Reader: 2015.006.30306 - 2018.011.20038

External links

http://helpx.adobe.com/security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


