
Multiple vulnerabilities in Adobe Reader and Acrobat



Published: 2018-07-10
Severity: High
Patch available: YES
Number of vulnerabilities: 104
CVE ID: CVE-2018-12782
CVE-2018-5015
CVE-2018-5028
CVE-2018-5032
CVE-2018-5036
CVE-2018-5038
CVE-2018-5040
CVE-2018-5041
CVE-2018-5045
CVE-2018-5052
CVE-2018-5058
CVE-2018-5067
CVE-2018-12785
CVE-2018-12788
CVE-2018-12798
CVE-2018-5009
CVE-2018-5011
CVE-2018-5065
CVE-2018-12756
CVE-2018-12770
CVE-2018-12772
CVE-2018-12773
CVE-2018-12776
CVE-2018-12783
CVE-2018-12791
CVE-2018-12792
CVE-2018-12796
CVE-2018-12797
CVE-2018-5020
CVE-2018-5021
CVE-2018-5042
CVE-2018-5059
CVE-2018-5064
CVE-2018-5069
CVE-2018-5070
CVE-2018-12754
CVE-2018-12755
CVE-2018-12758
CVE-2018-12760
CVE-2018-12771
CVE-2018-12787
CVE-2018-12802
CVE-2018-5010
CVE-2018-12803
CVE-2018-5014
CVE-2018-5016
CVE-2018-5017
CVE-2018-5018
CVE-2018-5019
CVE-2018-5022
CVE-2018-5023
CVE-2018-5024
CVE-2018-5025
CVE-2018-5026
CVE-2018-5027
CVE-2018-5029
CVE-2018-5031
CVE-2018-5033
CVE-2018-5035
CVE-2018-5039
CVE-2018-5044
CVE-2018-5046
CVE-2018-5047
CVE-2018-5048
CVE-2018-5049
CVE-2018-5050
CVE-2018-5051
CVE-2018-5053
CVE-2018-5054
CVE-2018-5055
CVE-2018-5056
CVE-2018-5060
CVE-2018-5061
CVE-2018-5062
CVE-2018-5063
CVE-2018-5066
CVE-2018-5068
CVE-2018-12757
CVE-2018-12761
CVE-2018-12762
CVE-2018-12763
CVE-2018-12764
CVE-2018-12765
CVE-2018-12766
CVE-2018-12767
CVE-2018-12768
CVE-2018-12774
CVE-2018-12777
CVE-2018-12779
CVE-2018-12780
CVE-2018-12781
CVE-2018-12786
CVE-2018-12789
CVE-2018-12790
CVE-2018-12795
CVE-2018-5057
CVE-2018-12793
CVE-2018-12794
CVE-2018-5012
CVE-2018-5030
CVE-2018-5034
CVE-2018-5037
CVE-2018-5043
CVE-2018-12784
CWE ID: CWE-415
CWE-122
CWE-416
CWE-787
CWE-264
CWE-125
CWE-843
CWE-822
CWE-119
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #18 is available.
Public exploit code for vulnerability #33 is available.
Public exploit code for vulnerability #34 is available.
Public exploit code for vulnerability #35 is available.
Public exploit code for vulnerability #36 is available.
Public exploit code for vulnerability #37 is available.
Public exploit code for vulnerability #75 is available.
Public exploit code for vulnerability #77 is available.
Public exploit code for vulnerability #82 is available.
Public exploit code for vulnerability #83 is available.
Public exploit code for vulnerability #84 is available.
Public exploit code for vulnerability #85 is available.
Public exploit code for vulnerability #86 is available.
Vulnerable software
Adobe Acrobat Reader DC
Client/Desktop applications / Office applications

Adobe Acrobat DC
Client/Desktop applications / Office applications

Vendor: Adobe

Security Advisory

1) Double free

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12782

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a double free error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a double free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Heap-based buffer overflow

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5015

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing .pdf documents in the image conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Heap-based buffer overflow

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5028

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing JPEG files within .pdf documents in the image conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Heap-based buffer overflow

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5032

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Heap-based buffer overflow

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5036

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing textures in Universal 3D (U3D) data in the image conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Heap-based buffer overflow

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5038

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing embedded Photoshop File Format data (PSD) within .pdf documents in the Universal 3D (U3D) engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Heap-based buffer overflow

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5040

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing U3D data streams with Silicon Graphics Image (SGI) RGB data within .pdf documents in the Universal 3D (U3D) engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Heap-based buffer overflow

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5041

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing U3D data with PICT image data within .pdf documents in the Universal 3D (U3D) engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Heap-based buffer overflow

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5045

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing embedded Photoshop File Format data (PSD) within .pdf documents in the Universal 3D (U3D) engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Heap-based buffer overflow

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5052

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing Animator Pro CEL image data within .pdf documents in the Universal 3D (U3D) engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Heap-based buffer overflow

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5058

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing XML Paper Specification (XPS) files with embedded JPEG data within .pdf documents in the ImageConversion module. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Heap-based buffer overflow

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5067

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Heap-based buffer overflow

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12785

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Heap-based buffer overflow

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12788

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Heap-based buffer overflow

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12798

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing .pdf documents in the core PDF engine page rendering component. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use-after-free

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5009

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing .pdf documents in the JavaScript API module. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5011

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing digital signatures within .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use-after-free

Severity: High

CVSSv3: 7.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5065

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

19) Use-after-free

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12756

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing .pdf documents in the JavaScript API module. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12770

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing .pdf documents in the HTML to PDF conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Use-after-free

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12772

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing .pdf documents in the HTML to PDF conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Use-after-free

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12773

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing .pdf documents in the HTML to PDF conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use-after-free

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12776

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing .pdf documents in the HTML to PDF conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use-after-free

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12783

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing .pdf documents in the HTML to PDF conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Use-after-free

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12791

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing .pdf documents in the HTML to PDF conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Use-after-free

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12792

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing .pdf documents in the HTML to PDF conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use-after-free

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12796

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing Enhanced Metafile Format Plus (EMF+) data in .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Use-after-free

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12797

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing .pdf documents in the Weblink component. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Out-of-bounds write

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5020

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing Enhanced Metafile Format (EMF) data within .pdf documents in the image conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Out-of-bounds write

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5021

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing .pdf documents in the JavaScript API component. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Out-of-bounds write

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5042

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Out-of-bounds write

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5059

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Out-of-bounds write

Severity: High

CVSSv3: 7.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5064

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

34) Out-of-bounds write

Severity: High

CVSSv3: 7.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5069

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

35) Out-of-bounds write

Severity: High

CVSSv3: 7.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5070

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

36) Out-of-bounds write

Severity: High

CVSSv3: 7.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12754

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

37) Out-of-bounds write

Severity: High

CVSSv3: 7.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12755

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

38) Out-of-bounds write

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12758

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Out-of-bounds write

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12760

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Out-of-bounds write

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12771

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Out-of-bounds write

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12787

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Security bypass

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12802

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to an unknown error related to security restrictions in the filepicker dialog component. A remote attacker can bypass the implemented security policy and execute arbitrary code on the system when the victim opens a specially crafted .pdf document.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5010

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12803

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing .pdf files in the image conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5014

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing .pdf files in the image conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5016

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing XML Paper Specification (XPS) TrueType fonts within .pdf files in the image conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5017

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing .pdf files. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5018

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing .pdf files in the image conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5019

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing font types within .pdf files in the XML Paper Specification (XPS) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5022

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing document fields in the JavaScript API component. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5023

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing .pdf files in the JavaScript API component. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5024

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing garbage collection in the JavaScript API component. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5025

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing garbage collection in the JavaScript API component. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5026

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing .pdf files in the JavaScript API component. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5027

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing TIFF data within .pdf files in the XML Paper Specification (XPS) conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5029

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing JPEG images in XML Paper Specification (XPS) data within .pdf files in the image conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5031

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing .pdf files in the XML Paper Specification (XPS) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5033

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing .pdf files in the XML Paper Specification (XPS) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5035

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5039

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing picture exchange file format data within .pdf files in the Universal 3D (U3D) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5044

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing TIFF data within .pdf files in the Universal 3D (U3D) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5046

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing Animator Pro CEL image data within .pdf files in the Universal 3D (U3D) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5047

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing Silicon Graphics Image (SGI) RGB-formatted data within .pdf files in the Universal 3D (U3D) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5048

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing Interchange File Format (IFF) data within .pdf files in the Universal 3D (U3D) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5049

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing bitmap (BMP) data within .pdf files in the Universal 3D (U3D) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5050

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing textures in GIF-formatted data within .pdf files in the Universal 3D (U3D) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5051

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing .pdf files in the Universal 3D (U3D) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5053

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing .pdf files in the Universal 3D (U3D) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5054

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing .pdf files in the Universal 3D (U3D) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5055

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5056

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing .pdf files in the XML Paper Specification (XPS) module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5060

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5061

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5062

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing .pdf files in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Out-of-bounds read

Severity: Low

CVSSv3: 4.9 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5063

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing .pdf files in the Extensible Stylesheet Language Transformations (XSLT) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

76) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5066

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing .pdf files. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Out-of-bounds read

Severity: Low

CVSSv3: 4.9 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5068

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing .pdf files in the Acroform component. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

78) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12757

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing JavaScript API calls in the XML Forms Architecture Engine (XFA) component. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12761

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12762

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12763

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Out-of-bounds read

Severity: Low

CVSSv3: 4.9 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12764

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing .pdf files in the Joint Bi-Level Image Experts Group (JBIG) segment decoder module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

83) Out-of-bounds read

Severity: Low

CVSSv3: 4.9 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12765

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing .pdf files in the Joint Bi-Level Image Experts Group (JBIG) segment decoder module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

84) Out-of-bounds read

Severity: Low

CVSSv3: 4.9 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12766

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing .pdf files in the Joint Bi-Level Image Experts Group (JBIG) segment decoder module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

85) Out-of-bounds read

Severity: Low

CVSSv3: 4.9 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12767

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing .pdf files in the Joint Bi-Level Image Experts Group (JBIG) segment decoder module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

86) Out-of-bounds read

Severity: Low

CVSSv3: 4.9 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12768

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing .pdf files in the Joint Bi-Level Image Experts Group 2 (JBIG2) symbol header decoding component. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

87) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12774

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing .pdf files in the HTML to PDF conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12777

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing .pdf files in the HTML to PDF conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12779

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing CSS elements within .pdf files in the HTML to PDF conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12780

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing .pdf files in the HTML to PDF conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12781

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing Cascading Stylesheet elements within .pdf files in the HTML to PDF conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12786

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12789

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12790

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing JPEG 2000 headers in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Out-of-bounds read

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12795

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause an application crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Type confusion

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5057

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a type confusion error when processing Enhanced Metafile Format (EMF) data within .pdf documents in the image conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Type confusion

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12793

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a type confusion error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Type confusion

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12794

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a type confusion error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Untrusted pointer dereference

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5012

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to an untrusted pointer dereference error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Untrusted pointer dereference

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5030

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to an untrusted pointer dereference error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Memory corruption

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5034

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing pattern brush Enhanced Metafile Format (EMF) data within .pdf documents in the image conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Memory corruption

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5037

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing Graphics Interchange Format (GIF) data within .pdf documents in the Universal 3D (U3D) module. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Memory corruption

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-5043

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing Truevision Graphics Adapter raster file format (TGA) data within .pdf documents in the Universal 3D (U3D) module. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Memory corruption

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12784

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Acrobat Reader DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

Adobe Acrobat DC: 2015.006.30306, 2015.006.30355, 2015.006.30392, 2015.006.30394, 2015.006.30413, 2015.006.30417, 2015.006.30418, 2017.009.20044, 2017.009.20058, 2017.011.30079, 2017.011.30080, 2017.012.20098, 2018.009.20044, 2018.009.20050, 2018.011.20035, 2018.011.20038, 2018.011.20040

CPE External links

https://helpx.adobe.com//security/products/acrobat/apsb18-21.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening an attachment in an e-mail message.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.