KLA11390 Multiple vulnerabilities in Adobe Acrobat and Reader

2018-12-11 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS2: 10

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score: 9.2
Confidence: High

EPSS: 0.397
Percentile: 97.3%

Multiple serious vulnerabilities were found in Adobe Acrobat and Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges and obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. Multiple buffer error vulnerabilities in Adobe Acrobat and Reader can be exploited to execute arbitrary code;
  2. Multiple untrusted pointer dereference vulnerabilities in Adobe Acrobat and Reader can be exploited to execute arbitrary code;
  3. Multiple security bypass vulnerabilities in Adobe Acrobat and Reader can be exploited to gain privileges;
  4. Multiple use-after-free vulnerabilities in Adobe Acrobat and Reader can be exploited to execute arbitrary code;
  5. Multiple out-of-bounds write vulnerabilities in Adobe Acrobat and Reader can be exploited to execute arbitrary code;
  6. Multiple heap overflow vulnerabilities in Adobe Acrobat and Reader can be exploited to execute arbitrary code;
  7. Multiple out-of-bounds read vulnerabilities in Adobe Acrobat and Reader can be exploited to obtain sensitive information;
  8. Multiple integer overflow vulnerabilities in Adobe Acrobat and Reader can be exploited to obtain sensitive information;
  9. Multiple security bypass vulnerabilities in Adobe Acrobat and Reader can be exploited to obtain sensitive information.

Original advisories

Security Bulletin for Adobe Acrobat and Reader | APSB18-41

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit.

Related products

Adobe-Acrobat-Reader-DC-Continuous

Adobe-Acrobat-Reader-DC-Classic

Adobe-Acrobat-DC-Continuous

Adobe-Acrobat-DC-Classic

Adobe-Acrobat-Reader-2017

Adobe-Acrobat-2017

CVE list

CVE-2018-15998 critical

CVE-2018-15987 critical

CVE-2018-16004 critical

CVE-2018-19720 critical

CVE-2018-16045 critical

CVE-2018-16044 critical

CVE-2018-16018 critical

CVE-2018-19715 critical

CVE-2018-19713 critical

CVE-2018-19708 critical

CVE-2018-19707 critical

CVE-2018-19700 critical

CVE-2018-19698 critical

CVE-2018-16046 critical

CVE-2018-16040 critical

CVE-2018-16039 critical

CVE-2018-16037 critical

CVE-2018-16036 critical

CVE-2018-16029 high

CVE-2018-16027 high

CVE-2018-16026 critical

CVE-2018-16025 critical

CVE-2018-16014 critical

CVE-2018-16008 critical

CVE-2018-16003 critical

CVE-2018-15994 critical

CVE-2018-15993 critical

CVE-2018-15992 critical

CVE-2018-15991 critical

CVE-2018-15990 critical

CVE-2018-19702 critical

CVE-2018-16016 critical

CVE-2018-16000 critical

CVE-2018-15999 critical

CVE-2018-15988 critical

CVE-2018-19716 critical

CVE-2018-16021 critical

CVE-2018-12830 critical

CVE-2018-19717 warning

CVE-2018-19714 warning

CVE-2018-19712 warning

CVE-2018-19711 warning

CVE-2018-19710 warning

CVE-2018-19709 warning

CVE-2018-19706 warning

CVE-2018-19705 warning

CVE-2018-19704 warning

CVE-2018-19703 warning

CVE-2018-19701 warning

CVE-2018-19699 warning

CVE-2018-16047 warning

CVE-2018-16043 warning

CVE-2018-16041 warning

CVE-2018-16038 warning

CVE-2018-16035 warning

CVE-2018-16034 warning

CVE-2018-16033 warning

CVE-2018-16032 warning

CVE-2018-16031 warning

CVE-2018-16030 warning

CVE-2018-16028 warning

CVE-2018-16024 warning

CVE-2018-16023 warning

CVE-2018-16022 warning

CVE-2018-16020 warning

CVE-2018-16019 warning

CVE-2018-16017 warning

CVE-2018-16015 warning

CVE-2018-16013 warning

CVE-2018-16012 warning

CVE-2018-16010 warning

CVE-2018-16006 warning

CVE-2018-16005 warning

CVE-2018-16002 warning

CVE-2018-16001 warning

CVE-2018-15997 warning

CVE-2018-15996 warning

CVE-2018-15989 warning

CVE-2018-15985 warning

CVE-2018-15984 warning

CVE-2018-19719 warning

CVE-2018-16009 warning

CVE-2018-16007 warning

CVE-2018-15995 warning

CVE-2018-15986 warning

CVE-2018-16042 high

CVE-2018-19728 warning

Solution

Update to the latest version

Download Adobe Acrobat Reader DC

Impacts

  • ACE

Arbitrary code execution. Exploiting vulnerabilities with this impact can allow an attacker to execute any code or commands on the vulnerable machine or in the vulnerable process.

  • OSI

Obtain sensitive information. Exploiting vulnerabilities with this impact can allow an attacker to capture information that is critical for the user or the system.

  • PE

Privilege escalation. Exploiting vulnerabilities with this impact can allow an attacker to perform actions that are normally disallowed for the current role.

Affected Products

  • Adobe Acrobat DC Continuous earlier than 2019.010.20064
  • Adobe Acrobat Reader DC Continuous earlier than 2019.010.20064
  • Adobe Acrobat 2017 (Classic Track) earlier than 2017.011.30110
  • Adobe Acrobat Reader 2017 (Classic Track) earlier than 2017.011.30110
  • Adobe Acrobat DC 2015 (Classic Track) earlier than 2015.006.30461
  • Adobe Acrobat Reader DC 2015 (Classic Track) earlier than 2015.006.30461
