CVE-2018-12808
Published 2018-08-29
Priority P180 · critical · 9.8 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW · VulnCheck KEV · Ransomware
Exploited in the wild
EPSS: 7.51% (93.7th percentile)
Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | acrobat_dc | 15.006.30060 – 15.006.30434 | — |
| adobe | acrobat_dc | 15.008.20082 – 18.011.20055 | — |
| adobe | acrobat_dc | 17.011.30059 – 17.011.30096 | — |
| adobe | acrobat_reader_dc | 15.006.30060 – 15.006.30434 | — |
| adobe | acrobat_reader_dc | 15.008.20082 – 18.011.20055 | — |
| adobe | acrobat_reader_dc | 17.011.30059 – 17.011.30096 | — |
CVSS provenance
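| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | — | 9.8 | CRITICAL | — |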
GHSA
GHSA-236q-9cvj-69q7: Adobe Acrobat and Reader versions 2018
ghsa_unreviewed·2022-05-14
CVE-2018-12808 [CRITICAL] CWE-787 GHSA-236q-9cvj-69q7: Adobe Acrobat and Reader versions 2018
VulnCheck
Adobe acrobat_dc Out-of-bounds Write
vulncheck·2018·CVSS 9.8
CVE-2018-12808 [CRITICAL] Adobe acrobat_dc Out-of-bounds Write
Affected: Adobe acrobat_dc
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Known Ransomware Campaign Use: Known
Exploitation References: https://cybersecurityworks.com/blog/ransomware/cyber-hygiene-ransomware-is-causing-critical-care-disruption-in-hospitals.html; https://cybersecurity.bd.com/bulletins-and-patches/ryuk-ransomware; https://blog.qualys.com/product-tech/2021/10/05/assess-risk-ransomware-attacks-qualys-rese
No detection rules found.
No public exploits indexed.