Kaspersky Threats

Detect date

?

12/11/2018

Severity

?

Critical

Description

Multiple serious vulnerabilities were found in Adobe Acrobat and Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges and obtain sensitive information.

Below is a complete list of vulnerabilities:

Multiple buffer errors vulnerabilities in Adobe Acrobat and Reader can be exploited to execute arbitrary code;
Multiple untrusted pointer dereference vulnerabilities in Adobe Acrobat and Reader can be exploited to execute arbitrary code;
Multiple security bypass vulnerabilities in Adobe Acrobat and Reader can be exploited to gain privileges;
Multiple use-after-free vulnerabilities in Adobe Acrobat and Reader can be exploited to execute arbitrary code;
Multiple out-of-bounds write vulnerabilities in Adobe Acrobat and Reader can be exploited to execute arbitrary code;
Multiple heap overflow vulnerabilities in Adobe Acrobat and Reader can be exploited to execute arbitrary code;
Multiple out-of-bounds read vulnerabilities in Adobe Acrobat and Reader can be exploited to obtain sensitive information;
Multiple integer Overflow vulnerabilities in Adobe Acrobat and Reader can be exploited to obtain sensitive information;
Multiple security bypass vulnerabilities in Adobe Acrobat and Reader can be exploited to obtain sensitive information;

Affected products

Adobe Acrobat DC Continuous earlier than 2019.010.20064
Adobe Acrobat Reader DC Continuous earlier than 2019.010.20064
Adobe Acrobat 2017 (Classic Track) earlier than 2017.011.30110
Adobe Acrobat Reader 2017 (Classic Track) earlier than 2017.011.30110
Adobe Acrobat DC 2015(Classic Track) earlier than 2015.006.30461
Adobe Acrobat Reader DC 2015 (Classic Track) earlier than 2015.006.30461

Solution

Update to the latest version
Download Adobe Acrobat Reader DC

Original advisories

Security Bulletin for Adobe Acrobat and Reader | APSB18-41

Impacts

?

ACE

[?]

OSI

[?]

PE

[?]

Related products

Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat DC Classic
Adobe Acrobat Reader 2017
Adobe Acrobat 2017

CVE-IDS

?

Detect date ?	12/11/2018
Severity ?	Critical
Description	Multiple serious vulnerabilities were found in Adobe Acrobat and Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges and obtain sensitive information. Below is a complete list of vulnerabilities: Multiple buffer errors vulnerabilities in Adobe Acrobat and Reader can be exploited to execute arbitrary code; Multiple untrusted pointer dereference vulnerabilities in Adobe Acrobat and Reader can be exploited to execute arbitrary code; Multiple security bypass vulnerabilities in Adobe Acrobat and Reader can be exploited to gain privileges; Multiple use-after-free vulnerabilities in Adobe Acrobat and Reader can be exploited to execute arbitrary code; Multiple out-of-bounds write vulnerabilities in Adobe Acrobat and Reader can be exploited to execute arbitrary code; Multiple heap overflow vulnerabilities in Adobe Acrobat and Reader can be exploited to execute arbitrary code; Multiple out-of-bounds read vulnerabilities in Adobe Acrobat and Reader can be exploited to obtain sensitive information; Multiple integer Overflow vulnerabilities in Adobe Acrobat and Reader can be exploited to obtain sensitive information; Multiple security bypass vulnerabilities in Adobe Acrobat and Reader can be exploited to obtain sensitive information;
Affected products	Adobe Acrobat DC Continuous earlier than 2019.010.20064 Adobe Acrobat Reader DC Continuous earlier than 2019.010.20064 Adobe Acrobat 2017 (Classic Track) earlier than 2017.011.30110 Adobe Acrobat Reader 2017 (Classic Track) earlier than 2017.011.30110 Adobe Acrobat DC 2015(Classic Track) earlier than 2015.006.30461 Adobe Acrobat Reader DC 2015 (Classic Track) earlier than 2015.006.30461
Solution	Update to the latest version Download Adobe Acrobat Reader DC
Original advisories	Security Bulletin for Adobe Acrobat and Reader \| APSB18-41
Impacts ?	ACE [?] OSI [?] PE [?]
Related products	Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader DC Classic Adobe Acrobat DC Continuous Adobe Acrobat DC Classic Adobe Acrobat Reader 2017 Adobe Acrobat 2017
CVE-IDS ?	CVE-2018-159980.0Critical CVE-2018-159870.0Critical CVE-2018-160040.0Critical CVE-2018-197200.0Critical CVE-2018-160450.0Critical CVE-2018-160440.0Critical CVE-2018-160187.5Critical CVE-2018-197156.1Critical CVE-2018-197136.1Critical CVE-2018-197086.1Critical CVE-2018-197076.1Critical CVE-2018-197006.1Critical CVE-2018-196986.1Critical CVE-2018-160466.1Critical CVE-2018-160406.1Critical CVE-2018-160396.1Critical CVE-2018-160376.1Critical CVE-2018-160366.1Critical CVE-2018-160296.1Critical CVE-2018-160276.1Critical CVE-2018-160266.1Critical CVE-2018-160256.1Critical CVE-2018-160146.1Critical CVE-2018-160086.1Critical CVE-2018-160036.1Critical CVE-2018-159946.1Critical CVE-2018-159936.1Critical CVE-2018-159926.1Critical CVE-2018-159916.1Critical CVE-2018-159906.1Critical CVE-2018-197026.1Critical CVE-2018-160166.1Critical CVE-2018-160006.1Critical CVE-2018-159996.1Critical CVE-2018-159886.1Critical CVE-2018-197166.5Critical CVE-2018-160216.5Critical CVE-2018-128306.5Critical CVE-2018-197174.3Critical CVE-2018-197144.3Critical CVE-2018-197124.3Critical CVE-2018-197114.3Critical CVE-2018-197104.3Critical CVE-2018-197094.3Critical CVE-2018-197064.3Critical CVE-2018-197054.3Critical CVE-2018-197044.3Critical CVE-2018-197034.3Critical CVE-2018-197014.3Critical CVE-2018-196994.3Critical CVE-2018-160474.3Critical CVE-2018-160434.3Critical CVE-2018-160414.3Critical CVE-2018-160384.3Critical CVE-2018-160354.3Critical CVE-2018-160344.3Critical CVE-2018-160334.3Critical CVE-2018-160324.3Critical CVE-2018-160314.3Critical CVE-2018-160304.3Critical CVE-2018-160284.3Critical CVE-2018-160244.3Critical CVE-2018-160234.3Critical CVE-2018-160224.3Critical CVE-2018-160204.3Critical CVE-2018-160194.3Critical CVE-2018-160174.3Critical CVE-2018-160154.3Critical CVE-2018-160134.3Critical CVE-2018-160124.3Critical CVE-2018-160104.3Critical CVE-2018-160064.3Critical CVE-2018-160054.3Critical CVE-2018-160024.3Critical CVE-2018-160014.3Critical CVE-2018-159974.3Critical CVE-2018-159964.3Critical CVE-2018-159894.3Critical CVE-2018-159854.3Critical CVE-2018-159844.3Critical CVE-2018-197194.3Critical CVE-2018-160094.3Critical CVE-2018-160074.3Critical CVE-2018-159954.3Critical CVE-2018-159864.3Critical CVE-2018-160424.3Critical