Security Bypass Vulnerability in Adobe Acrobat Reader
CVE-2018-4872

10CRITICAL

Key Information:

Vendor

Adobe
Status
Adobe Acrobat Reader 2018.009.20050 And Earlier Versions, 2017.011.30070 And Earlier Versions, 2015.006.30394 And Earlier Versions
Vendor
CVE Published:
27 February 2018

What is CVE-2018-4872?

A security bypass vulnerability was identified in Adobe Acrobat Reader that allows an attacker to escape the sandbox environment. This issue arises from improper handling of cross calls, posing a risk to users by potentially allowing malicious content to execute outside the intended security confines of the application. This could lead to unauthorized access to system resources or sensitive data, thereby compromising user security. Users of affected versions should apply necessary updates to mitigate the risk associated with this vulnerability.

Affected Version(s)

Adobe Acrobat Reader 2018.009.20050 and earlier , 2017.011.30070 and earlier , 2015.006.30394 and earlier Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions

References

https://helpx.adobe.com/security/products/acrobat/apsb18-...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/102993
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1040364
vdb-entryx_refsource_SECTRACK

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.