CVE-2018-12852
Published 2018-10-12
High · 7.8 · CVSS 3.0
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | acrobat_dc | 15.006.30060 – 15.006.30452 | — |
| adobe | acrobat_dc | 15.008.20082 – 18.011.20063 | — |
| adobe | acrobat_dc | 17.011.30059 – 17.011.30102 | — |
| adobe | acrobat_reader_dc | 15.006.30060 – 15.006.30452 | — |
| adobe | acrobat_reader_dc | 15.008.20082 – 18.011.20063 | — |
| adobe | acrobat_reader_dc | 17.011.30059 – 17.011.30102 | — |
| adobe | adobe_acrobat_and_reader | — | — |
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Adobe Acrobat Reader DC Collab reviewServer Remote Code Execution Vulnerability
blogs_talos·2018-10-02·CVSS 7.8
Discovered by Aleksandar Nikolic of Cisco Talos
### Overview
Today, Cisco Talos is releasing details of a new vulnerability within Adobe Acrobat Reader DC. Adobe Acrobat Reader is the most popular and most feature-rich PDF reader. It has a large user base, is usually a default PDF reader on systems and integrates into web browsers as a plugin for rendering PDFs. As such, tricking a user into visiting a malicious web page or sending a specially crafted email attachment can be enough to trigger this vulnerability. The one method call required to trigger this vulnerability is privileged and can only be called from trusted functions or a trusted location. Additionally, the use-after-free condition is only triggered upon closing the application.
### TALOS-2017-0623 - Adobe Acrobat Reader DC
Published: 2018-10-12