|CERT-In Vulnerability Note
Multiple Vulnerabilities in Adobe Acrobat and Reader
Original Issue Date:August 02, 2018
Severity Rating: HIGH
- Acrobat DC and Acrobat Reader DC (Consumer) version 2018.011.20040 and prior for Windows and macOS
- Acrobat 2017 and Acrobat Reader 2017 version 2017.011.30080 and prior for Windows and macOS
- Acrobat DC and Acrobat Reader DC (Classic 2015) version 2015.006.30418 and prior for Windows and macOS
Multiple vulnerabilities have been reported in Adobe Acrobat and Acrobat Reader which could allow a remote attacker to execute arbitrary code, obtain sensitive information and bypass security controls on the targeted system.
These vulnerabilities are caused due to various errors in the affected software namely double free error, use-after-free error, heap overflow, out-of-bounds read, out-of bounds write, type confusion, untrusted pointer dereference, Buffer errors and security bypass issues.
A remote attacker could exploit these vulnerabilities by creating specially crafted content and then convincing the target user to open the malicious file. Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code, obtain potentially sensitive information and bypass security restrictions on the target system.
Apply appropriate security updates as mentioned in the
Adobe Security Advisory APSB18-21
The information provided herein is on "as is" basis, without warranty of any kind.
Email: email@example.com Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003