Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader
CVE-2018-4997

8.8HIGH

Key Information:

Vendor
Adobe
Status
Adobe Acrobat And Reader 2018.009.20050 And Earlier, 2017.011.30070 And Earlier, And 2015.006.30394 And Earlier Versions
Vendor
CVE Published:
9 July 2018

Summary

Adobe Acrobat and Reader are affected by an out-of-bounds write vulnerability that arises from insufficient validation in the handling of user-supplied data. If exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current user, potentially leading to data compromise or system control. It is crucial for users of affected versions to apply security updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

Adobe Acrobat and Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier Adobe Acrobat and Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier versions

References

http://www.securityfocus.com/bid/104264
vdb-entryx_refsource_BID
https://helpx.adobe.com/security/products/acrobat/apsb18-...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.