Kaspersky Threats

CVSS

?

7.5

Detect date

?

02/13/2018

Severity

?

Critical

Description

Multiple serious vulnerabilities have been found in Adobe Acrobat and Adobe Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code and gain priveleges.

Below is a complete list of vulnerabilities:

Use-after-free vulnerabilities can be exploited to execute arbitrary code;
Heap buffer overflow vulnerabilities can be exploited to execute arbitrary code;
Out-of-bounds write vulnerabilities can be exploited to execute arbitrary code;
Security Mitigation Bypass vulnerability can be exploited remotely to gain priveleges;
Out-of-bounds read vulnerabilities can be exploited remotely to execute arbitrary code;

Affected products

Acrobat DC 2018.009.20050 and earlier versions
Acrobat Reader DC (Continuous Track) 2018.009.20050 and earlier versions
Acrobat 2017 2017.011.30070 and earlier versions
Acrobat Reader 2017 2017.011.30070 and earlier versions
Acrobat DC (Classic Track) 2015.006.30394 and earlier versions
Acrobat Reader DC (Classic Track) 2015.006.30394 and earlier versions

Solution

Update to the latest versions
Download Adobe Acrobat DC
Download Adobe Acrobat Reader DC

Original advisories

Adobe Security Bulletin

Impacts

?

ACE

[?]

PE

[?]

Related products

Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader
Adobe Acrobat DC Continuous
Adobe Acrobat DC Classic
Adobe Acrobat

CVE-IDS

?

CVE-2018-4914
CVE-2018-4912
CVE-2018-4909
CVE-2018-4908
CVE-2018-4907
CVE-2018-4906
CVE-2018-4905
CVE-2018-4903
CVE-2018-4900
CVE-2018-4899
CVE-2018-4897
CVE-2018-4896
CVE-2018-4894
CVE-2018-4893
CVE-2018-4891
CVE-2018-4889
CVE-2018-4887
CVE-2018-4886
CVE-2018-4885
CVE-2018-4884
CVE-2018-4883
CVE-2018-4882
CVE-2018-4881
CVE-2018-4880
CVE-2018-4918
CVE-2018-4916
CVE-2018-4915
CVE-2018-4901
CVE-2018-4898
CVE-2018-4895
CVE-2018-4879
CVE-2018-4913
CVE-2018-4911
CVE-2018-4902
CVE-2018-4892
CVE-2018-4888
CVE-2018-4917
CVE-2018-4910
CVE-2018-4904
CVE-2018-4890
CVE-2018-4872

CVSS ?	7.5
Detect date ?	02/13/2018
Severity ?	Critical
Description	Multiple serious vulnerabilities have been found in Adobe Acrobat and Adobe Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code and gain priveleges. Below is a complete list of vulnerabilities: Use-after-free vulnerabilities can be exploited to execute arbitrary code; Heap buffer overflow vulnerabilities can be exploited to execute arbitrary code; Out-of-bounds write vulnerabilities can be exploited to execute arbitrary code; Security Mitigation Bypass vulnerability can be exploited remotely to gain priveleges; Out-of-bounds read vulnerabilities can be exploited remotely to execute arbitrary code;
Affected products	Acrobat DC 2018.009.20050 and earlier versions Acrobat Reader DC (Continuous Track) 2018.009.20050 and earlier versions Acrobat 2017 2017.011.30070 and earlier versions Acrobat Reader 2017 2017.011.30070 and earlier versions Acrobat DC (Classic Track) 2015.006.30394 and earlier versions Acrobat Reader DC (Classic Track) 2015.006.30394 and earlier versions
Solution	Update to the latest versions Download Adobe Acrobat DC Download Adobe Acrobat Reader DC
Original advisories	Adobe Security Bulletin
Impacts ?	ACE [?] PE [?]
Related products	Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader DC Classic Adobe Acrobat Reader Adobe Acrobat DC Continuous Adobe Acrobat DC Classic Adobe Acrobat
CVE-IDS ?	CVE-2018-4914 CVE-2018-4912 CVE-2018-4909 CVE-2018-4908 CVE-2018-4907 CVE-2018-4906 CVE-2018-4905 CVE-2018-4903 CVE-2018-4900 CVE-2018-4899 CVE-2018-4897 CVE-2018-4896 CVE-2018-4894 CVE-2018-4893 CVE-2018-4891 CVE-2018-4889 CVE-2018-4887 CVE-2018-4886 CVE-2018-4885 CVE-2018-4884 CVE-2018-4883 CVE-2018-4882 CVE-2018-4881 CVE-2018-4880 CVE-2018-4918 CVE-2018-4916 CVE-2018-4915 CVE-2018-4901 CVE-2018-4898 CVE-2018-4895 CVE-2018-4879 CVE-2018-4913 CVE-2018-4911 CVE-2018-4902 CVE-2018-4892 CVE-2018-4888 CVE-2018-4917 CVE-2018-4910 CVE-2018-4904 CVE-2018-4890 CVE-2018-4872