CVE-2018-4902

27.02.2018, 05:29

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the rendering engine. The vulnerability is triggered by a crafted PDF file containing a video annotation (and corresponding media files) that is activated by the embedded JavaScript. Successful exploitation could lead to arbitrary code execution.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
adobe	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 83%

Vendor	Product	Version
adobe	acrobat	17.0 ≤ 𝑥 ≤ 17.011.30070
adobe	acrobat_dc	𝑥 ≤ 18.009.20050
adobe	acrobat_dc	15.0 ≤ 𝑥 ≤ 15.006.30394
adobe	acrobat_reader	17.0 ≤ 𝑥 ≤ 17.011.30070
adobe	acrobat_reader_dc	𝑥 ≤ 18.009.20050
adobe	acrobat_reader_dc	15.0 ≤ 𝑥 ≤ 15.006.30394

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-416 - Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

References

http://www.securityfocus.com/bid/102995

http://www.securitytracker.com/id/1040364

https://helpx.adobe.com/security/products/acrobat/apsb18-02.html

http://www.securityfocus.com/bid/102995

http://www.securitytracker.com/id/1040364

https://helpx.adobe.com/security/products/acrobat/apsb18-02.html