Vulnerability CVE-2018-4915


Published: 2018-02-27

Description:
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the JavaScript API related to color conversion. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.

Type:

CWE-787

Vendor: Adobe
Product: Acrobat reader dc 
Version:
18.009.20050
18.009.20044
17.012.20098
17.012.20095
17.012.20093
17.009.20058
17.009.20044
15.023.20070
15.023.20056
15.023.20053
15.020.20042
15.020.20039
15.017.20053
15.017.20050
15.016.20045
15.016.20041
15.016.20039
15.010.20060
15.010.20059
15.010.20056
15.009.20079
15.009.20077
15.009.20071
15.009.20069
15.008.20082
15.006.30394
15.006.30392
15.006.30355
15.006.30354
15.006.30352
15.006.30306
15.006.30280
15.006.30279
15.006.30244
15.006.30243
15.006.30201
15.006.30198
15.006.30174
15.006.30173
15.006.30172
15.006.30121
15.006.30119
15.006.30097
15.006.30096
15.006.30094
See more versions on NVD
Product: Acrobat dc 
Version:
18.009.20050
18.009.20044
17.012.20098
17.012.20095
17.012.20093
17.009.20058
17.009.20044
15.023.20070
15.023.20056
15.023.20053
15.020.20042
15.020.20039
15.017.20053
15.017.20050
15.016.20045
15.016.20041
15.016.20039
15.010.20060
15.010.20059
15.010.20056
15.009.20079
15.009.20077
15.009.20071
15.009.20069
15.008.20082
15.006.30394
15.006.30392
15.006.30355
15.006.30354
15.006.30352
15.006.30306
15.006.30280
15.006.30279
15.006.30244
15.006.30243
15.006.30201
15.006.30198
15.006.30174
15.006.30173
15.006.30172
15.006.30121
15.006.30119
15.006.30097
15.006.30096
15.006.30094
See more versions on NVD
Product: Acrobat 
Version:
17.011.30070
17.011.30068
17.011.30066
17.011.30065
17.011.30059
See more versions on NVD
Product: Acrobat reader 
Version:
17.011.30070
17.011.30068
17.011.30066
17.011.30065
17.011.30059
See more versions on NVD

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://www.securityfocus.com/bid/102994
http://www.securitytracker.com/id/1040364
https://helpx.adobe.com/security/products/acrobat/apsb18-02.html
https://www.zerodayinitiative.com/advisories/ZDI-18-212/

Related CVE
CVE-2018-5070
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the c...
CVE-2018-5069
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the c...
CVE-2018-5068
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2018-5067
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current ...
CVE-2018-5066
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2018-5065
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current...
CVE-2018-5064
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the c...
CVE-2018-5063
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Copyright 2018, cxsecurity.com

 

Back to Top