Use After Free Vulnerability in Adobe Acrobat Reader
CVE-2018-4911

8.8HIGH

Summary

A use after free vulnerability was identified in Adobe Acrobat Reader affecting specific versions. This flaw arises within the JavaScript API related to the bookmark functionality and can be exploited through specially crafted JavaScript code embedded in PDF files. Attackers can potentially exploit this vulnerability to achieve code corruption, control-flow hijacking, or execute code reuse attacks, posing significant risks to users' systems.

Affected Version(s)

Adobe Acrobat Reader 2018.009.20050 and earlier , 2017.011.30070 and earlier , 2015.006.30394 and earlier Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions

References

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.