CVE-2018-4987
published 2018-07-09CVE-2018-4987: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Untrusted pointer dereference…
PriorityP349critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
13.90%
96.1th percentile
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | acrobat_dc | 15.006.30060 – 15.006.30417 | — |
| adobe | acrobat_dc | 15.008.20082 – 18.011.20038 | — |
| adobe | acrobat_dc | 17.011.30059 – 17.011.30079 | — |
| adobe | acrobat_reader_dc | 15.006.30060 – 15.006.30417 | — |
| adobe | acrobat_reader_dc | 15.008.20082 – 18.011.20038 | — |
| adobe | acrobat_reader_dc | 17.011.30059 – 17.011.30079 | — |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
ET WEB_CLIENT PDF With Embedded U3D
suricata·2011-12-08
CVE-2018-4989 ET WEB_CLIENT PDF With Embedded U3D
ET WEB_CLIENT PDF With Embedded U3D
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT PDF With Embedded U3D"; flow:established,to_client; file.data; content:"obj"; content:"<<"; within:4; content:"/U3D"; fast_pattern; within:64; reference:url,www.adobe.com/support/security/advisories/apsa11-04.html; reference:cve,2018-4989; reference:cve,2018-4987; classtype:bad-unknown; sid:2013995; rev:4; metadata:affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2011_12_08, cve CVE_2018_4989, deployment Perimeter, signature_severity Major, tag Web_Client_Attacks, updated_at 2024_04_08;)
No public exploits indexed.
2018-07-09
Published