Vulnerability CVE-2018-19721


Published: 2019-01-28

Description:
Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Note: A different vulnerability than CVE-2018-19723.

Type:

CWE-125

(Out-of-bounds Read)

Vendor: Adobe
Product: Acrobat reader dc 
Version:
18.011.20055
18.009.20050
18.009.20044
17.012.20098
17.012.20095
17.012.20093
17.009.20058
17.009.20044
15.023.20070
15.023.20056
15.023.20053
15.020.20042
15.020.20039
15.017.20053
15.017.20050
15.016.20045
15.016.20041
15.016.20039
15.010.20060
15.010.20059
15.010.20056
15.009.20079
15.009.20077
15.009.20071
15.009.20069
15.008.20082
15.006.30434
15.006.30394
15.006.30392
15.006.30355
15.006.30354
15.006.30352
15.006.30306
15.006.30280
15.006.30279
15.006.30244
15.006.30243
15.006.30201
15.006.30198
15.006.30174
15.006.30173
15.006.30172
15.006.30121
15.006.30119
15.006.30097
15.006.30096
See more versions on NVD
Product: Acrobat dc 
Version:
18.011.20055
18.009.20050
18.009.20044
17.012.20098
17.012.20096
17.012.20095
17.012.20093
17.009.20058
17.009.20044
15.023.20070
15.023.20056
15.023.20053
15.020.20042
15.020.20039
15.017.20053
15.017.20050
15.016.20045
15.016.20041
15.016.20039
15.010.20060
15.010.20059
15.010.20056
15.009.20079
15.009.20077
15.009.20071
15.009.20069
15.008.20082
15.006.30434
15.006.30394
15.006.30392
15.006.30355
15.006.30354
15.006.30352
15.006.30306
15.006.30280
15.006.30279
15.006.30244
15.006.30243
15.006.30201
15.006.30198
15.006.30174
15.006.30173
15.006.30172
15.006.30121
15.006.30119
15.006.30097
15.006.30096
See more versions on NVD
Product: Acrobat 
Version:
17.011.30096
17.011.30070
17.011.30068
17.011.30065
17.011.30059
See more versions on NVD
Product: Acrobat reader 
Version: 17.011.30096; 17.011.30059;

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
https://helpx.adobe.com/security/products/acrobat/apsb18-34.html

Related CVE
CVE-2019-7963
Adobe Bridge CC version 9.0.2 and earlier versions have an out of bound read vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
CVE-2019-7956
Adobe Dreamweaver direct download installer versions 19.0 and below, 18.0 and below have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user.
CVE-2019-7955
Adobe Experience Manager version 6.4 and ealier have a Reflected Cross-site Scripting vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.
CVE-2019-7953
Adobe Experience Manager version 6.4 and ealier have a Cross-Site Request Forgery vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.
CVE-2019-7941
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Information Exposure Through an Error Message vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
CVE-2019-7850
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have a Command injection vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
CVE-2019-7848
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Inadequate access control vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
CVE-2019-7847
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper Restriction of XML External Entity Reference ('XXE') vulnerability. Successful exploitation could lead to Arbitrary read access to the file system in the context of the...

Copyright 2019, cxsecurity.com

 

Back to Top