Description
Multiple serious vulnerabilities have been found in Adobe Acrobat and Acrobat Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information and bypass security restrictions. Below is a complete list of vulnerabilities:
- A double free vulnerability can be exploited remotely via specially crafted JPEG2000 image to execute arbitrary code;
- Multiple heap buffer overflow vulnerabilities can be exploited remotely to execute arbitrary code;
- Multiple use-after-free vulnerabilities can be exploited remotely to execute arbitrary code;
- An out-of-bounds write vulnerability can be exploited remotely to execute arbitrary code;
- A security bypass vulnerability can be exploited remotely to obtain sensitive information;
- Multiple out-of-bounds read vulnerabilities can be exploited remotely to obtain sensitive information;
- A type confusion vulnerability can be exploited remotely to execute arbitrary code;
- An untrusted pointer dereference vulnerability can be exploited remotely to execute arbitrary code;
- A memory corruption vulnerability can be exploited remotely to obtain sensitive information;
- A NTLM SSO hash theft vulnerability can be exploited remotely to obtain sensitive information;
- A HTTP POST new line injection vulnerability can be exploited remotely via XFA submission to bypass security restrictions;
Original advisories
Exploitation
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
- Adobe-Acrobat
- Adobe-Acrobat-Reader-DC-Continuous
- Adobe-Acrobat-Reader-DC-Classic
- Adobe-Acrobat-DC-Continuous
- Adobe-Acrobat-DC-Classic
- Adobe-Acrobat-Reader-2017
- Adobe-Acrobat-2017
- Adobe-Acrobat-Reader
CVE list
- CVE-2018-4990 critical
- CVE-2018-4947 critical
- CVE-2018-4948 critical
- CVE-2018-4966 critical
- CVE-2018-4968 critical
- CVE-2018-4978 critical
- CVE-2018-4982 critical
- CVE-2018-4984 critical
- CVE-2018-4996 critical
- CVE-2018-4952 critical
- CVE-2018-4954 critical
- CVE-2018-4958 critical
- CVE-2018-4959 critical
- CVE-2018-4961 critical
- CVE-2018-4971 critical
- CVE-2018-4974 critical
- CVE-2018-4977 critical
- CVE-2018-4980 critical
- CVE-2018-4983 critical
- CVE-2018-4988 critical
- CVE-2018-4989 critical
- CVE-2018-4950 critical
- CVE-2018-4979 high
- CVE-2018-4949 critical
- CVE-2018-4951 high
- CVE-2018-4955 critical
- CVE-2018-4956 critical
- CVE-2018-4957 critical
- CVE-2018-4960 critical
- CVE-2018-4962 critical
- CVE-2018-4963 critical
- CVE-2018-4964 critical
- CVE-2018-4967 critical
- CVE-2018-4969 critical
- CVE-2018-4970 critical
- CVE-2018-4972 high
- CVE-2018-4973 critical
- CVE-2018-4975 critical
- CVE-2018-4976 critical
- CVE-2018-4981 critical
- CVE-2018-4986 critical
- CVE-2018-4985 critical
- CVE-2018-4953 critical
- CVE-2018-4987 critical
- CVE-2018-4965 critical
- CVE-2018-4993 critical
- CVE-2018-4995 critical
- CVE-2018-12812 critical
- CVE-2018-12815 critical
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!