kaspersky | Kaspersky Lab | KLA11458
History: Apr 09, 2019 - 12:00 a.m.

KLA11458 Multiple vulnerabilities in Adobe Acrobat and Acrobat Reader

2019-04-09 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS2: 10

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.6
Confidence: High

EPSS: 0.426
Percentile: 97.4%

Multiple vulnerabilities were found in Adobe Acrobat and Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code and obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. Multiple out-of-bounds read vulnerabilities can be exploited remotely to obtain sensitive information;
  2. Multiple out-of-bounds write vulnerabilities can be exploited remotely to execute arbitrary code;
  3. Multiple type confusion vulnerabilities can be exploited remotely to execute arbitrary code;
  4. Multiple use after free vulnerabilities can be exploited remotely to execute arbitrary code;
  5. Multiple heap overflow vulnerabilities can be exploited remotely to execute arbitrary code.

Original advisories

Security updates available for Adobe Acrobat and Reader | APSB19-17

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit.

Related products

Adobe-Acrobat-Reader-DC-Continuous

Adobe-Acrobat-Reader-DC-Classic

Adobe-Acrobat-DC-Continuous

Adobe-Acrobat-DC-Classic

Adobe-Acrobat-Reader-2017

Adobe-Acrobat-2017

CVE list

CVE-2019-7061 warning

CVE-2019-7109 warning

CVE-2019-7110 warning

CVE-2019-7114 warning

CVE-2019-7115 warning

CVE-2019-7116 warning

CVE-2019-7121 warning

CVE-2019-7122 warning

CVE-2019-7123 warning

CVE-2019-7127 warning

CVE-2019-7111 critical

CVE-2019-7118 critical

CVE-2019-7119 critical

CVE-2019-7120 critical

CVE-2019-7124 critical

CVE-2019-7117 critical

CVE-2019-7128 critical

CVE-2019-7088 critical

CVE-2019-7112 critical

CVE-2019-7113 critical

CVE-2019-7125 critical

Solution

Update to the latest version

Download Adobe Acrobat Reader DC

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can let an attacker execute any code or commands on the vulnerable machine or in the vulnerable process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can let an attacker capture information that is critical to the user or system.

Affected Products

  • Acrobat DC Continuous 2019.010.20098 and earlier versions for Windows and macOS
  • Acrobat Reader DC Continuous 2019.010.20098 and earlier versions for Windows and macOS
  • Acrobat 2017 2017.011.30127 and earlier version for Windows and macOS
  • Acrobat Reader 2017.011.30127 and earlier version for Windows and macOS
  • Acrobat DC Classic 2015.006.30482 and earlier versions for Windows and macOS
  • Acrobat Reader DC Classic 2015.006.30482 and earlier versions for Windows and macOS
