Vulnerability Name: | CVE-2018-4913 (CCN-138993) | ||||||||||||
Assigned: | 2018-02-13 | ||||||||||||
Published: | 2018-02-13 | ||||||||||||
Updated: | 2018-03-16 | ||||||||||||
Summary: | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the XFA engine, related to DOM manipulation. The vulnerability is triggered by crafted XFA script definitions in a PDF file. Successful exploitation could lead to arbitrary code execution. | ||||||||||||
CVSS v3 Severity: | 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) 7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
| ||||||||||||
Vulnerability Type: | CWE-416 | ||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2018-4913 Source: BID Type: Third Party Advisory, VDB Entry 102995 Source: CCN Type: BID-102995 Adobe Acrobat and Reader Multiple Remote Code Execution Vulnerabilities Source: SECTRACK Type: Third Party Advisory, VDB Entry 1040364 Source: XF Type: UNKNOWN adobe-reader-cve20184913-code-exec(138993) Source: CCN Type: Adobe Security Bulletin APSB18-02 Security Updates Available for Adobe Acrobat and Reader Source: CONFIRM Type: Vendor Advisory https://helpx.adobe.com/security/products/acrobat/apsb18-02.html Source: CCN Type: ZDI-18-176 Adobe Acrobat Pro DC XFA picture Use-After-Free Remote Code Execution Vulnerability Source: MISC Type: Third Party Advisory https://www.zerodayinitiative.com/advisories/ZDI-18-176/ | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
BACK |