CVE-2018-4947
published 2018-07-09
CVE-2018-4947: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability…
Priority P353 · critical · 9.8 CVSS 3.0
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 15.98% (96.5th percentile)
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | acrobat_dc | 15.006.30060 – 15.006.30417 | — |
| adobe | acrobat_dc | 15.008.20082 – 18.011.20038 | — |
| adobe | acrobat_dc | 17.011.30059 – 17.011.30079 | — |
| adobe | acrobat_reader_dc | 15.006.30060 – 15.006.30417 | — |
| adobe | acrobat_reader_dc | 15.008.20082 – 18.011.20038 | — |
| adobe | acrobat_reader_dc | 17.011.30059 – 17.011.30079 | — |
CVSS provenance
nvd · v3.0 · 9.8 CRITICAL · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 10.0 CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C
GHSA
GHSA-xffg-qhrh-j93p: Adobe Acrobat and Reader versions 2018
ghsa_unreviewed·2022-05-13
CVE-2018-4947 [CRITICAL] CWE-787 GHSA-xffg-qhrh-j93p: Adobe Acrobat and Reader versions 2018
VMware
vRealize Automation, vSphere Integrated Containers, and AirWatch Console updates address multiple security vulnerabilities
vendor_vmware·2018-01-26·CVSS 9.8
CVE-2017-4947 [CRITICAL] vRealize Automation, vSphere Integrated Containers, and AirWatch Console updates address multiple security vulnerabilities
VMSA-2018-0006: vRealize Automation, vSphere Integrated Containers, and AirWatch Console updates address multiple security vulnerabilities
vRealize Automation, vSphere Integrated Containers, and AirWatch Console updates address multiple security vulnerabilities

2. Relevant Products

- vRealize Automation (vRA)
- vSphere Integrated Containers (VIC)
- VMware AirWatch Console (AWC)

3. Problem Description

a. vRealize Automation and vSphere Integrated Containers deserialization vulnerability via Xenon

vRealize Automation and vSphere Integrated Containers contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifi
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Multiple Adobe Acrobat Reader DC Vulnerabilities
blogs_talos·2018-05-15·CVSS 9.8
[CRITICAL] Vulnerability Spotlight: Multiple Adobe Acrobat Reader DC Vulnerabilities
Discovered by Aleksandar Nikolic of Cisco Talos
Update 05/15/18: The CVE for TALOS-2018-0517 has been corrected below.
## Overview

Today, Talos is releasing details of new vulnerabilities within Adobe Acrobat Reader DC. Adobe Acrobat Reader is the most popular and most feature-rich PDF reader. It has a big user base, is usually the default PDF reader on systems, and integrates into web browsers as a plugin for rendering PDFs. As such, tricking a user into visiting a malicious web page or sending a specially crafted email attachment can be enough to trigger this vulnerability.

A specific JavaScript script embedded in a PDF file can cause the document ID field to be used in an unbounded copy operation, leading to a stack-based buffer overflow when opening a specially crafted PDF document in Ad
Zscaler
Zscaler protects against 38 new vulnerabilities for Adobe Fl
blogs_zscaler
2018-07-09
Published