Risk | High |
Patch available | YES |
Number of vulnerabilities | 104 |
CVE-ID | CVE-2018-12782 CVE-2018-5015 CVE-2018-5028 CVE-2018-5032 CVE-2018-5036 CVE-2018-5038 CVE-2018-5040 CVE-2018-5041 CVE-2018-5045 CVE-2018-5052 CVE-2018-5058 CVE-2018-5067 CVE-2018-12785 CVE-2018-12788 CVE-2018-12798 CVE-2018-5009 CVE-2018-5011 CVE-2018-5065 CVE-2018-12756 CVE-2018-12770 CVE-2018-12772 CVE-2018-12773 CVE-2018-12776 CVE-2018-12783 CVE-2018-12791 CVE-2018-12792 CVE-2018-12796 CVE-2018-12797 CVE-2018-5020 CVE-2018-5021 CVE-2018-5042 CVE-2018-5059 CVE-2018-5064 CVE-2018-5069 CVE-2018-5070 CVE-2018-12754 CVE-2018-12755 CVE-2018-12758 CVE-2018-12760 CVE-2018-12771 CVE-2018-12787 CVE-2018-12802 CVE-2018-5010 CVE-2018-12803 CVE-2018-5014 CVE-2018-5016 CVE-2018-5017 CVE-2018-5018 CVE-2018-5019 CVE-2018-5022 CVE-2018-5023 CVE-2018-5024 CVE-2018-5025 CVE-2018-5026 CVE-2018-5027 CVE-2018-5029 CVE-2018-5031 CVE-2018-5033 CVE-2018-5035 CVE-2018-5039 CVE-2018-5044 CVE-2018-5046 CVE-2018-5047 CVE-2018-5048 CVE-2018-5049 CVE-2018-5050 CVE-2018-5051 CVE-2018-5053 CVE-2018-5054 CVE-2018-5055 CVE-2018-5056 CVE-2018-5060 CVE-2018-5061 CVE-2018-5062 CVE-2018-5063 CVE-2018-5066 CVE-2018-5068 CVE-2018-12757 CVE-2018-12761 CVE-2018-12762 CVE-2018-12763 CVE-2018-12764 CVE-2018-12765 CVE-2018-12766 CVE-2018-12767 CVE-2018-12768 CVE-2018-12774 CVE-2018-12777 CVE-2018-12779 CVE-2018-12780 CVE-2018-12781 CVE-2018-12786 CVE-2018-12789 CVE-2018-12790 CVE-2018-12795 CVE-2018-5057 CVE-2018-12793 CVE-2018-12794 CVE-2018-5012 CVE-2018-5030 CVE-2018-5034 CVE-2018-5037 CVE-2018-5043 CVE-2018-12784 |
CWE-ID | CWE-415 CWE-122 CWE-416 CWE-787 CWE-264 CWE-125 CWE-843 CWE-822 CWE-119 |
Exploitation vector | Network |
Public exploit |
Public exploit code for vulnerability #18 is available. Public exploit code for vulnerability #33 is available. Public exploit code for vulnerability #34 is available. Public exploit code for vulnerability #35 is available. Public exploit code for vulnerability #36 is available. Public exploit code for vulnerability #37 is available. Public exploit code for vulnerability #75 is available. Public exploit code for vulnerability #77 is available. Public exploit code for vulnerability #82 is available. Public exploit code for vulnerability #83 is available. Public exploit code for vulnerability #84 is available. Public exploit code for vulnerability #85 is available. Public exploit code for vulnerability #86 is available. Vulnerability #98 is being exploited in the wild. |
Vulnerable software Subscribe |
Adobe Reader Client/Desktop applications / Office applications Adobe Acrobat Client/Desktop applications / Office applications |
Vendor | Adobe |
Security Bulletin
This security bulletin contains information about 104 vulnerabilities.
EUVDB-ID: #VU13625
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12782
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a double free error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger double free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13627
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5015
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents in the image conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13632
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5028
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing JPEG files within .pdf documents in the image conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13633
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5032
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13634
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5036
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing textures in Universal 3D (U3D) data in the image conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13635
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5038
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing embedded Photoshop File Format data (PSD) within .pdf documents in the Universal 3D (U3D) engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13636
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5040
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing U3D data streams with Silicon Graphics Image (SGI) RGB data within .pdf documents in the Universal 3D (U3D) engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13637
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5041
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing U3D data with PICT image data within .pdf documents in the Universal 3D (U3D) engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13638
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5045
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing embedded Photoshop File Format data (PSD) within .pdf documents in the Universal 3D (U3D) engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13639
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5052
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing Animator Pro CEL image data within .pdf documents in the Universal 3D (U3D) engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13640
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5058
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing XML Paper Specification (XPS) files with embedded JPEG data within .pdf documents in the ImageConversion module. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13641
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5067
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13642
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12785
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13643
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12788
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13644
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12798
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents in the core PDF engine page rendering component. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13645
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5009
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing .pdf documents in the JavaScript API module. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13646
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5011
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing digital signatures within .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13647
Risk: High
CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-5065
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU13648
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12756
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing .pdf documents in the JavaScript API module. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13649
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12770
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing .pdf documents in the HTML to PDF conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13650
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12772
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing .pdf documents in the HTML to PDF conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13651
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12773
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing .pdf documents in the HTML to PDF conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13652
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12776
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing .pdf documents in the HTML to PDF conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13653
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12783
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing .pdf documents in the HTML to PDF conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13654
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12791
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing .pdf documents in the HTML to PDF conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13655
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12792
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing .pdf documents in the HTML to PDF conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13656
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12796
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing Enhanced Metafile Format Plus (EMF+) data in .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13657
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12797
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing .pdf documents in the Weblink component. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13658
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5020
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing Enhanced Metafile Format (EMF) data within .pdf documents in the image conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13682
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5021
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents in the Javascript API component. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13687
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5042
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13688
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5059
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13689
Risk: High
CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-5064
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU13690
Risk: High
CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-5069
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU13691
Risk: High
CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-5070
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU13692
Risk: High
CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-12754
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU13693
Risk: High
CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-12755
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU13694
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12758
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13695
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12760
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13696
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12771
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13697
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12787
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13700
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12802
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to unknown error related to security restrictions in the filepicker dialog component. A remote attacker can bypass implemented security policy and execute arbitrary code on the system when the victim opens a specially crafted .pdf document.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13701
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5010
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13703
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12803
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the image conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13704
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5014
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the image conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13705
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5016
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing XML Paper Specification (XPS) TrueType fonts within .pdf files in the image conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13706
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5017
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13707
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5018
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the image conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13708
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5019
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing font types within .pdf files in the XML Paper Specification (XPS) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13709
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5022
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing document fields in the Javascript API component. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13710
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5023
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the Javascript API component. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13711
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5024
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing garbage collection in the Javascript API component. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13712
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5025
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing garbage collection in the Javascript API component. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13713
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5026
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the Javascript API component. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13714
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5027
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing TIFF data within .pdf files in the XML Paper Specification (XPS) conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13715
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5029
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing JPEG images in XML Paper Specification (XPS) data within .pdf files in the image conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13716
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5031
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the XML Paper Specification (XPS) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13717
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5033
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the XML Paper Specification (XPS) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13718
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5035
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13719
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5039
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing picture exchange file format data within .pdf files in the Universal 3D (U3D) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13720
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5044
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing TIFF data within .pdf files in the Universal 3D (U3D) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13721
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5046
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing Animator Pro CEL image data within .pdf files in the Universal 3D (U3D) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13722
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5047
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing Silicon Graphics Image (SGI) RGB-formatted data within .pdf files in the Universal 3D (U3D) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13723
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5048
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing Interchange File Format (IFF) data within .pdf files in the Universal 3D (U3D) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13724
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5049
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing bitmap (BMP) data within .pdf files in the Universal 3D (U3D) engine A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13725
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5050
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing textures in GIF-formatted data within .pdf files in the Universal 3D (U3D) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13726
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5051
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the Universal 3D (U3D) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13727
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5053
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the Universal 3D (U3D) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13728
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5054
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the Universal 3D (U3D) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13729
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5055
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13730
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5056
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the XML Paper Specification (XPS) module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13731
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5060
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13732
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5061
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13733
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5062
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13734
Risk: Low
CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-5063
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the Extensible Stylesheet Language Transformations (XSLT) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU13735
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5066
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13736
Risk: Low
CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-5068
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the Acroform component. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU13737
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12757
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing JavaScript API calls in the XML Forms Architecture Engine (XFA) component. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13738
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12761
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13739
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12762
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13740
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12763
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13741
Risk: Low
CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-12764
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the Joint Bi-Level Image Experts Group (JBIG) segment decoder module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU13742
Risk: Low
CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-12765
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the Joint Bi-Level Image Experts Group (JBIG) segment decoder module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU13743
Risk: Low
CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-12766
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the Joint Bi-Level Image Experts Group (JBIG) segment decoder module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU13744
Risk: Low
CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-12767
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the Joint Bi-Level Image Experts Group (JBIG) segment decoder module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU13745
Risk: Low
CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-12768
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the Joint Bi-Level Image Experts Group 2 (JBIG2) symbol header decoding component. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU13746
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12774
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the HTML to PDF conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13747
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12777
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the HTML to PDF conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13748
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12779
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing CSS elements within .pdf files in the HTML to PDF conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13749
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12780
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the HTML to PDF conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13750
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12781
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing Cascading Stylesheet elements within .pdf files in the HTML to PDF conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13751
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12786
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13752
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12789
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13753
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12790
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing JPEG 2000 headers in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13754
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12795
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
Install updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13757
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5057
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a type confusion error when processing Enhanced Metafile Format (EMF) data within .pdf documents in the image conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13758
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12793
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a type confusion error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13759
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:H/RL:O/RC:C]
CVE-ID: CVE-2018-12794
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a type confusion error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU13760
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5012
CWE-ID:
CWE-822 - Untrusted Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to an untrusted pointer dereference error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13761
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5030
CWE-ID:
CWE-822 - Untrusted Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to an untrusted pointer dereference error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13762
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5034
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing pattern brush Enhanced Metafile Format (EMF) data within .pdf documents in the image conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13763
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5037
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing Graphics Interchange Format (GIF) data within .pdf documents in the Universal 3D (U3D) module. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13764
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5043
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing Truevision Graphics Adapter raster file format (TGA) data .pdf documents in the Universal 3D (U3D) module. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13765
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12784
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 2015.006.30306 - 2018.011.20040
Adobe Acrobat: 15.006.30306 - 18.011.20040
External linkshttp://helpx.adobe.com//security/products/acrobat/apsb18-21.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.