Description
Multiple serious vulnerabilities have been found in Adobe Acrobat and Acrobat Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information and bypass security restrictions. Below is a complete list of vulnerabilities:
- A double free vulnerability can be exploited remotely via a specially crafted JPEG2000 image to execute arbitrary code;
- Multiple heap buffer overflow vulnerabilities can be exploited remotely to execute arbitrary code;
- Multiple use-after-free vulnerabilities can be exploited remotely to execute arbitrary code;
- An out-of-bounds write vulnerability can be exploited remotely to execute arbitrary code;
- A security bypass vulnerability can be exploited remotely to obtain sensitive information;
- Multiple out-of-bounds read vulnerabilities can be exploited remotely to obtain sensitive information;
- A type confusion vulnerability can be exploited remotely to execute arbitrary code;
- An untrusted pointer dereference vulnerability can be exploited remotely to execute arbitrary code;
- A memory corruption vulnerability can be exploited remotely to obtain sensitive information;
- An NTLM SSO hash theft vulnerability can be exploited remotely to obtain sensitive information;
- An HTTP POST newline injection vulnerability can be exploited remotely via XFA submission to bypass security restrictions.
Original advisories
Exploitation
Malware exists for this vulnerability. Usually such malware is classified as Exploit.
Related products
- Adobe-Acrobat
- Adobe-Acrobat-Reader-DC-Continuous
- Adobe-Acrobat-Reader-DC-Classic
- Adobe-Acrobat-DC-Continuous
- Adobe-Acrobat-DC-Classic
- Adobe-Acrobat-Reader-2017
- Adobe-Acrobat-2017
- Adobe-Acrobat-Reader
CVE list
- CVE-2018-4990 high
- CVE-2018-4947 critical
- CVE-2018-4948 critical
- CVE-2018-4966 critical
- CVE-2018-4968 critical
- CVE-2018-4978 critical
- CVE-2018-4982 high
- CVE-2018-4984 critical
- CVE-2018-4996 critical
- CVE-2018-4952 high
- CVE-2018-4954 high
- CVE-2018-4958 critical
- CVE-2018-4959 critical
- CVE-2018-4961 critical
- CVE-2018-4971 high
- CVE-2018-4974 high
- CVE-2018-4977 critical
- CVE-2018-4980 high
- CVE-2018-4983 critical
- CVE-2018-4988 critical
- CVE-2018-4989 critical
- CVE-2018-4950 critical
- CVE-2018-4979 warning
- CVE-2018-4949 warning
- CVE-2018-4951 warning
- CVE-2018-4955 warning
- CVE-2018-4956 warning
- CVE-2018-4957 warning
- CVE-2018-4960 warning
- CVE-2018-4962 warning
- CVE-2018-4963 warning
- CVE-2018-4964 warning
- CVE-2018-4967 warning
- CVE-2018-4969 warning
- CVE-2018-4970 warning
- CVE-2018-4972 warning
- CVE-2018-4973 warning
- CVE-2018-4975 warning
- CVE-2018-4976 warning
- CVE-2018-4981 warning
- CVE-2018-4986 warning
- CVE-2018-4985 warning
- CVE-2018-4953 high
- CVE-2018-4987 critical
- CVE-2018-4965 warning
- CVE-2018-4993 warning
- CVE-2018-4995 critical
- CVE-2018-12812 critical
- CVE-2018-12815 critical