Kaspersky Threats

Detect date

?

02/13/2018

Severity

?

Critical

Description

Multiple serious vulnerabilities have been found in Adobe Acrobat and Adobe Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code and gain priveleges.

Below is a complete list of vulnerabilities:

Use-after-free vulnerabilities can be exploited to execute arbitrary code;
Heap buffer overflow vulnerabilities can be exploited to execute arbitrary code;
Out-of-bounds write vulnerabilities can be exploited to execute arbitrary code;
Security Mitigation Bypass vulnerability can be exploited remotely to gain priveleges;
Out-of-bounds read vulnerabilities can be exploited remotely to execute arbitrary code;

Affected products

Acrobat Reader DC (Classic Track) 2015.006.30394 and earlier versions
Acrobat DC 2018.009.20050 and earlier versions
Acrobat Reader DC (Continuous Track) 2018.009.20050 and earlier versions
Acrobat 2017 2017.011.30070 and earlier versions
Acrobat Reader 2017 2017.011.30070 and earlier versions
Acrobat DC (Classic Track) 2015.006.30394 and earlier versions

Solution

Update to the latest versions
Download Adobe Acrobat DC
Download Adobe Acrobat Reader DC

Original advisories

Adobe Security Bulletin

Impacts

?

ACE

[?]

PE

[?]

Related products

Adobe Acrobat
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat DC Classic
Adobe Acrobat Reader 2017
Adobe Acrobat 2017
Adobe Acrobat Reader

CVE-IDS

?

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Detect date ?	02/13/2018
Severity ?	Critical
Description	Multiple serious vulnerabilities have been found in Adobe Acrobat and Adobe Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code and gain priveleges. Below is a complete list of vulnerabilities: Use-after-free vulnerabilities can be exploited to execute arbitrary code; Heap buffer overflow vulnerabilities can be exploited to execute arbitrary code; Out-of-bounds write vulnerabilities can be exploited to execute arbitrary code; Security Mitigation Bypass vulnerability can be exploited remotely to gain priveleges; Out-of-bounds read vulnerabilities can be exploited remotely to execute arbitrary code;
Affected products	Acrobat Reader DC (Classic Track) 2015.006.30394 and earlier versions Acrobat DC 2018.009.20050 and earlier versions Acrobat Reader DC (Continuous Track) 2018.009.20050 and earlier versions Acrobat 2017 2017.011.30070 and earlier versions Acrobat Reader 2017 2017.011.30070 and earlier versions Acrobat DC (Classic Track) 2015.006.30394 and earlier versions
Solution	Update to the latest versions Download Adobe Acrobat DC Download Adobe Acrobat Reader DC
Original advisories	Adobe Security Bulletin
Impacts ?	ACE [?] PE [?]
Related products	Adobe Acrobat Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader DC Classic Adobe Acrobat DC Continuous Adobe Acrobat DC Classic Adobe Acrobat Reader 2017 Adobe Acrobat 2017 Adobe Acrobat Reader
CVE-IDS ?	CVE-2018-48720.0Unknown CVE-2018-48900.0Unknown CVE-2018-49040.0Unknown CVE-2018-49100.0Unknown CVE-2018-49170.0Unknown CVE-2018-48880.0Unknown CVE-2018-48920.0Unknown CVE-2018-49020.0Unknown CVE-2018-49110.0Unknown CVE-2018-49130.0Unknown CVE-2018-48790.0Unknown CVE-2018-48950.0Unknown CVE-2018-48980.0Unknown CVE-2018-49010.0Unknown CVE-2018-49150.0Unknown CVE-2018-49160.0Unknown CVE-2018-49180.0Unknown CVE-2018-48800.0Unknown CVE-2018-48810.0Unknown CVE-2018-48820.0Unknown CVE-2018-48830.0Unknown CVE-2018-48840.0Unknown CVE-2018-48850.0Unknown CVE-2018-48860.0Unknown CVE-2018-48870.0Unknown CVE-2018-48890.0Unknown CVE-2018-48910.0Unknown CVE-2018-48930.0Unknown CVE-2018-48940.0Unknown CVE-2018-48960.0Unknown CVE-2018-48970.0Unknown CVE-2018-48990.0Unknown CVE-2018-49000.0Unknown CVE-2018-49030.0Unknown CVE-2018-49050.0Unknown CVE-2018-49060.0Unknown CVE-2018-49070.0Unknown CVE-2018-49080.0Unknown CVE-2018-49090.0Unknown CVE-2018-49120.0Unknown CVE-2018-49140.0Unknown CVE-2018-49980.0Unknown CVE-2018-49970.0Unknown CVE-2018-49990.0Unknown
Exploitation	Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.