Vulnerability CVE-2018-4912


Published: 2018-02-27

Description:
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that handles JPEG 2000 data. A successful attack can lead to sensitive data exposure.

Type: CWE-125 (Out-of-bounds Read)

Vendor: Adobe
Product: Acrobat Reader DC
Version:
18.009.20050
18.009.20044
17.012.20098
17.012.20095
17.012.20093
17.009.20058
17.009.20044
15.023.20070
15.023.20056
15.023.20053
15.020.20042
15.020.20039
15.017.20053
15.017.20050
15.016.20045
15.016.20041
15.016.20039
15.010.20060
15.010.20059
15.010.20056
15.009.20079
15.009.20077
15.009.20071
15.009.20069
15.008.20082
15.006.30394
15.006.30392
15.006.30355
15.006.30354
15.006.30352
15.006.30306
15.006.30280
15.006.30279
15.006.30244
15.006.30243
15.006.30201
15.006.30198
15.006.30174
15.006.30173
15.006.30172
15.006.30121
15.006.30119
15.006.30097
15.006.30096
15.006.30094
See more versions on NVD
Product: Acrobat DC
Version:
18.009.20050
18.009.20044
17.012.20098
17.012.20095
17.012.20093
17.009.20058
17.009.20044
15.023.20070
15.023.20056
15.023.20053
15.020.20042
15.020.20039
15.017.20053
15.017.20050
15.016.20045
15.016.20041
15.016.20039
15.010.20060
15.010.20059
15.010.20056
15.009.20079
15.009.20077
15.009.20071
15.009.20069
15.008.20082
15.006.30394
15.006.30392
15.006.30355
15.006.30354
15.006.30352
15.006.30306
15.006.30280
15.006.30279
15.006.30244
15.006.30243
15.006.30201
15.006.30198
15.006.30174
15.006.30173
15.006.30172
15.006.30121
15.006.30119
15.006.30097
15.006.30096
15.006.30094
See more versions on NVD
Product: Acrobat
Version:
17.011.30070
17.011.30068
17.011.30066
17.011.30065
17.011.30059
See more versions on NVD
Product: Acrobat Reader
Version:
17.011.30070
17.011.30068
17.011.30066
17.011.30065
17.011.30059
See more versions on NVD

CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

References:
http://www.securityfocus.com/bid/102996
http://www.securitytracker.com/id/1040364
https://helpx.adobe.com/security/products/acrobat/apsb18-02.html

Related CVE
CVE-2018-4994
Adobe Connect versions 9.7.5 and earlier have an exploitable Authentication Bypass vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2018-4944
Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2018-4931
Adobe Experience Manager versions 6.1 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2018-4930
Adobe Experience Manager versions 6.3 and earlier have an exploitable Cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2018-4929
Adobe Experience Manager versions 6.2 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2018-4928
Adobe InDesign versions 13.0 and below have an exploitable Memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2018-4927
Adobe InDesign versions 13.0 and below have an exploitable Untrusted Search Path vulnerability. Successful exploitation could lead to local privilege escalation.
CVE-2018-4926
Adobe Digital Editions versions 4.5.7 and below have an exploitable Stack Overflow vulnerability. Successful exploitation could lead to information disclosure.

Copyright 2018, cxsecurity.com

 
