Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader
CVE-2018-4997

8.8HIGH

Key Information:

Vendor: Adobe
Status: Adobe Acrobat And Reader 2018.009.20050 And Earlier, 2017.011.30070 And Earlier, And 2015.006.30394 And Earlier Versions
Vendor: CVE Published:; 9 July 2018

Summary

Adobe Acrobat and Reader are affected by an out-of-bounds write vulnerability that arises from insufficient validation in the handling of user-supplied data. If exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current user, potentially leading to data compromise or system control. It is crucial for users of affected versions to apply security updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

Adobe Acrobat and Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier Adobe Acrobat and Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier versions

References

http://www.securityfocus.com/bid/104264

vdb-entryx_refsource_BID

https://helpx.adobe.com/security/products/acrobat/apsb18-...

x_refsource_MISC

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 9, 2018
Vulnerability Reserved
Jan 3, 2018