Multiple vulnerabilities in Adobe Reader and Acrobat



| Updated: 2018-07-17
Risk Critical
Patch available YES
Number of vulnerabilities 49
CVE-ID CVE-2018-4990
CVE-2018-4947
CVE-2018-4948
CVE-2018-4966
CVE-2018-4968
CVE-2018-4978
CVE-2018-4982
CVE-2018-4984
CVE-2018-4952
CVE-2018-4954
CVE-2018-4958
CVE-2018-4959
CVE-2018-4961
CVE-2018-4971
CVE-2018-4974
CVE-2018-4977
CVE-2018-4980
CVE-2018-4983
CVE-2018-4988
CVE-2018-4989
CVE-2018-4950
CVE-2018-4979
CVE-2018-4949
CVE-2018-4951
CVE-2018-4955
CVE-2018-4956
CVE-2018-4957
CVE-2018-4960
CVE-2018-4962
CVE-2018-4963
CVE-2018-4964
CVE-2018-4967
CVE-2018-4969
CVE-2018-4970
CVE-2018-4972
CVE-2018-4973
CVE-2018-4975
CVE-2018-4976
CVE-2018-4981
CVE-2018-4986
CVE-2018-4985
CVE-2018-4953
CVE-2018-4987
CVE-2018-4965
CVE-2018-4993
CVE-2018-4996
CVE-2018-4995
CVE-2018-12812
CVE-2018-12815
CWE-ID CWE-415
CWE-122
CWE-416
CWE-787
CWE-200
CWE-125
CWE-843
CWE-822
CWE-119
CWE-20
Exploitation vector Network
Public exploit Vulnerability #1 is being exploited in the wild.
Public exploit code for vulnerability #41 is available.
Vulnerability #45 is being exploited in the wild.
Vulnerable software
Adobe Reader
Client/Desktop applications / Office applications

Adobe Acrobat
Client/Desktop applications / Office applications

Vendor Adobe

Security Bulletin

This security bulletin contains information about 49 vulnerabilities.

Updated on 15.05.2018. Added information about in the wild exploitation of CVE-2018-4990. Raised severity level to Critical.

1) Double free memory error

EUVDB-ID: #VU12659

Risk: Critical

CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2018-4990

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to double free memory error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.
Note: the vulnerability has being exploited in the wild in March 2018 along with exploit for SB2018050813.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

2) Heap-based buffer overflow

EUVDB-ID: #VU12662

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4947

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Heap-based buffer overflow

EUVDB-ID: #VU12663

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4948

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Heap-based buffer overflow

EUVDB-ID: #VU12664

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4966

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Heap-based buffer overflow

EUVDB-ID: #VU12665

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4968

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Heap-based buffer overflow

EUVDB-ID: #VU12666

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4978

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Heap-based buffer overflow

EUVDB-ID: #VU12667

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4982

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Heap-based buffer overflow

EUVDB-ID: #VU12668

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4984

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use-after-free error

EUVDB-ID: #VU12673

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4952

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free error

EUVDB-ID: #VU12674

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4954

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free error

EUVDB-ID: #VU12675

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4958

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free error

EUVDB-ID: #VU12676

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4959

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free error

EUVDB-ID: #VU12677

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4961

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free error

EUVDB-ID: #VU12678

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4971

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use-after-free error

EUVDB-ID: #VU12679

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4974

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use-after-free error

EUVDB-ID: #VU12680

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4977

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free error

EUVDB-ID: #VU12681

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4980

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use-after-free error

EUVDB-ID: #VU12682

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4983

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Use-after-free error

EUVDB-ID: #VU12683

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4988

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free error

EUVDB-ID: #VU12684

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4989

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Out-of-bounds write

EUVDB-ID: #VU12669

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4950

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Information disclosure

EUVDB-ID: #VU12687

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4979

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to improper access controls. A remote attacker can trick the victim into opening a specially crafted .pdf file, bypass security restrictions and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Out-of-bounds read

EUVDB-ID: #VU12690

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4949

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Out-of-bounds read

EUVDB-ID: #VU12691

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4951

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Out-of-bounds read

EUVDB-ID: #VU12692

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4955

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Out-of-bounds read

EUVDB-ID: #VU12693

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4956

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Out-of-bounds read

EUVDB-ID: #VU12694

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4957

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Out-of-bounds read

EUVDB-ID: #VU12695

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4960

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Out-of-bounds read

EUVDB-ID: #VU12696

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4962

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Out-of-bounds read

EUVDB-ID: #VU12697

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4963

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Out-of-bounds read

EUVDB-ID: #VU12698

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4964

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Out-of-bounds read

EUVDB-ID: #VU12699

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4967

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Out-of-bounds read

EUVDB-ID: #VU12700

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4969

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Out-of-bounds read

EUVDB-ID: #VU12701

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4970

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Out-of-bounds read

EUVDB-ID: #VU12702

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4972

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Out-of-bounds read

EUVDB-ID: #VU12703

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4973

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Out-of-bounds read

EUVDB-ID: #VU12704

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4975

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Out-of-bounds read

EUVDB-ID: #VU12705

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4976

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Out-of-bounds read

EUVDB-ID: #VU12706

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4981

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Out-of-bounds read

EUVDB-ID: #VU12708

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4986

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Out-of-bounds read

EUVDB-ID: #VU12707

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-4985

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

42) Type confusion

EUVDB-ID: #VU12670

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4953

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to type confusion when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Untrusted pointer dereference

EUVDB-ID: #VU12672

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4987

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to untrusted pointer dereference when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Memory corruption

EUVDB-ID: #VU12688

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4965

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to boundary error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Information disclosure

EUVDB-ID: #VU12689

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C]

CVE-ID: CVE-2018-4993

CWE-ID: CWE-200 - Information exposure

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to NTLM SSO hash theft when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and gain access to arbitrary data.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Reader: 2015.006.30306 - 2018.011.20038

Adobe Acrobat: 15.006.30306 - 18.011.20038

CPE2.3 External links

http://helpx.adobe.com//security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

46) Use-after-free error

EUVDB-ID: #VU12740

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4996

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Acrobat: 15.006.30306 - 18.011.20038

Adobe Reader: 2015.006.30306 - 2018.011.20038

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Security restrictions bypass

EUVDB-ID: #VU12739

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4995

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to HTTP POST new line injection via XFA submission. A remote attacker can trick the victim into opening a specially crafted .pdf file, bypass security restrictions and conduct further attacks.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Acrobat: 15.006.30306 - 18.011.20038

Adobe Reader: 2015.006.30306 - 2018.011.20038

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Type confusion

EUVDB-ID: #VU13893

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-12812

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to type confusion when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Acrobat: 15.006.30306 - 18.011.20038

Adobe Reader: 2015.006.30306 - 2018.011.20038

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Heap-based buffer overflow

EUVDB-ID: #VU13895

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-12815

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 2018.011.20040, 2017.011.30080 or 2015.006.30418.

Vulnerable software versions

Adobe Acrobat: 15.006.30306 - 18.011.20038

Adobe Reader: 2015.006.30306 - 2018.011.20038

CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb18-09.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###