CVE-2018-15979
published 2018-11-29CVE-2018-15979: Adobe Acrobat and Reader versions 2019.008.20080 and earlier, 2017.011.30105 and earlier, and 2015.006.30456 and earlier have a ntlm sso hash theft…
high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
Adobe Acrobat and Reader versions 2019.008.20080 and earlier, 2017.011.30105 and earlier, and 2015.006.30456 and earlier have a ntlm sso hash theft vulnerability. Successful exploitation could lead to information disclosure.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | acrobat_dc | 15.006.30060 – 15.006.30456 | — |
| adobe | acrobat_dc | 15.008.20082 – 19.008.20080 | — |
| adobe | acrobat_dc | 17.011.30059 – 17.011.30105 | — |
| adobe | acrobat_reader_dc | 15.006.30060 – 15.006.30456 | — |
| adobe | acrobat_reader_dc | 15.008.20082 – 19.008.20080 | — |
| adobe | acrobat_reader_dc | 17.011.30059 – 17.011.30105 | — |
| adobe | adobe_acrobat_and_reader | — | — |
No detection rules found.
No public exploits indexed.
Tenable
Adobe Patches Incomplete Fix for NTLM Credential Leaking Bug (CVE-2018-15979)
blogs_tenable·2018-11-14·CVSS 7.5
CVE-2018-15979 [HIGH] Adobe Patches Incomplete Fix for NTLM Credential Leaking Bug (CVE-2018-15979)
Blog / Cyber Exposure Alerts
Subscribe
# Adobe Patches Incomplete Fix for NTLM Credential Leaking Bug (CVE-2018-15979)
Satnam Narang
November 14, 2018
2 Min Read
Researchers have reported an incomplete fix for CVE-2018-4993, an NTLM credential leaking vulnerability that was supposed to be patched in May 2018. Adobe has now released a complete fix.
### Background
On November 13, Adobe published its monthly security bulletins as part of its monthly release cycle in conjunction with Microsoft’s Patch Tuesday. The November security bulletins include a fix for a vulnerability that was believed to have been patched in May 2018’s security bulletins. However, security researchers at EdgeSpot discovered that the May 2018 fix was incomplete.
### Vulnerability details
Researchers at Check Po
Tenable
Adobe Patches Incomplete Fix for NTLM Credential Leaking Bug (CVE-2018-15979)
blogs_tenable·2018-11-14·CVSS 7.5
[HIGH] Adobe Patches Incomplete Fix for NTLM Credential Leaking Bug (CVE-2018-15979)
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Zscaler
Zscaler protects against 2 new vulnerabilities for Adobe Flash Player & Acrobat Reader. | Zscaler
blogs_zscaler
Zscaler protects against 2 new vulnerabilities for Adobe Flash Player & Acrobat Reader. | Zscaler
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
2018-11-29
Published