Kaspersky Threats

Detect date

?

02/13/2018

Severity

?

Critical

Description

Multiple serious vulnerabilities have been found in Adobe Acrobat and Adobe Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code and gain priveleges.

Below is a complete list of vulnerabilities:

Use-after-free vulnerabilities can be exploited to execute arbitrary code;
Heap buffer overflow vulnerabilities can be exploited to execute arbitrary code;
Out-of-bounds write vulnerabilities can be exploited to execute arbitrary code;
Security Mitigation Bypass vulnerability can be exploited remotely to gain priveleges;
Out-of-bounds read vulnerabilities can be exploited remotely to execute arbitrary code;

Affected products

Acrobat DC 2018.009.20050 and earlier versions
Acrobat Reader DC (Continuous Track) 2018.009.20050 and earlier versions
Acrobat 2017 2017.011.30070 and earlier versions
Acrobat Reader 2017 2017.011.30070 and earlier versions
Acrobat DC (Classic Track) 2015.006.30394 and earlier versions
Acrobat Reader DC (Classic Track) 2015.006.30394 and earlier versions

Solution

Update to the latest versions
Download Adobe Acrobat DC
Download Adobe Acrobat Reader DC

Original advisories

Adobe Security Bulletin

Impacts

?

ACE

[?]

PE

[?]

Related products

Adobe Acrobat
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat DC Classic
Adobe Acrobat Reader

CVE-IDS

?

Detect date ?	02/13/2018
Severity ?	Critical
Description	Multiple serious vulnerabilities have been found in Adobe Acrobat and Adobe Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code and gain priveleges. Below is a complete list of vulnerabilities: Use-after-free vulnerabilities can be exploited to execute arbitrary code; Heap buffer overflow vulnerabilities can be exploited to execute arbitrary code; Out-of-bounds write vulnerabilities can be exploited to execute arbitrary code; Security Mitigation Bypass vulnerability can be exploited remotely to gain priveleges; Out-of-bounds read vulnerabilities can be exploited remotely to execute arbitrary code;
Affected products	Acrobat DC 2018.009.20050 and earlier versions Acrobat Reader DC (Continuous Track) 2018.009.20050 and earlier versions Acrobat 2017 2017.011.30070 and earlier versions Acrobat Reader 2017 2017.011.30070 and earlier versions Acrobat DC (Classic Track) 2015.006.30394 and earlier versions Acrobat Reader DC (Classic Track) 2015.006.30394 and earlier versions
Solution	Update to the latest versions Download Adobe Acrobat DC Download Adobe Acrobat Reader DC
Original advisories	Adobe Security Bulletin
Impacts ?	ACE [?] PE [?]
Related products	Adobe Acrobat Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader DC Classic Adobe Acrobat DC Continuous Adobe Acrobat DC Classic Adobe Acrobat Reader
CVE-IDS ?	CVE-2018-487210.0Critical CVE-2018-48906.8High CVE-2018-49046.8High CVE-2018-49106.8High CVE-2018-491710.0Critical CVE-2018-48886.8High CVE-2018-48926.8High CVE-2018-49026.8High CVE-2018-49116.8High CVE-2018-49136.8High CVE-2018-487910.0Critical CVE-2018-489510.0Critical CVE-2018-48986.8High CVE-2018-49016.8High CVE-2018-49156.8High CVE-2018-49166.8High CVE-2018-491810.0Critical CVE-2018-48804.3Warning CVE-2018-48814.3Warning CVE-2018-48824.3Warning CVE-2018-48834.3Warning CVE-2018-48844.3Warning CVE-2018-48854.3Warning CVE-2018-48864.3Warning CVE-2018-48874.3Warning CVE-2018-48894.3Warning CVE-2018-48914.3Warning CVE-2018-48934.3Warning CVE-2018-48944.3Warning CVE-2018-48964.3Warning CVE-2018-48974.3Warning CVE-2018-48994.3Warning CVE-2018-49004.3Warning CVE-2018-49034.3Warning CVE-2018-49054.3Warning CVE-2018-49064.3Warning CVE-2018-49074.3Warning CVE-2018-49084.3Warning CVE-2018-49094.3Warning CVE-2018-49124.3Warning CVE-2018-49144.3Warning CVE-2018-49988.8Critical CVE-2018-49978.8Critical CVE-2018-49996.5High