Adobe Acrobat and Reader Multiple Security Vulnerabilities

by do son · May 15, 2018

On May 14, local time, Adobe officially released a security notice that fixed several bugs in Adobe Acrobat and Reader, including information disclosure and arbitrary code execution.

The vulnerability is summarized as follows:

Vulnerability type	Vulnerability impact	Importance	CVE number
Double Free	Arbitrary Code Execution	Critical	CVE-2018-4990
Heap Overflow	Arbitrary Code Execution	Critical	CVE-2018-4947, CVE-2018-4948, CVE-2018-4966, CVE-2018-4968, CVE-2018-4978, CVE-2018-4982, CVE-2018-4984
Use-after-free	Arbitrary Code Execution	Critical	CVE-2018-4946, CVE-2018-4952, CVE-2018-4954, CVE-2018-4958, CVE-2018-4959, CVE-2018-4961, CVE-2018-4971, CVE-2018-4974, CVE- 2018-4977, CVE-2018-4980, CVE-2018-4983, CVE-2018-4988, CVE-2018-4989
Out-of-bounds write	Arbitrary Code Execution	Critical	CVE-2018-4950
Security Bypass	Information Disclosure	Important	CVE-2018-4979
Out-of-bounds read	Information Disclosure	Important	CVE-2018-4949, CVE-2018-4951, CVE-2018-4955, CVE-2018-4956, CVE-2018-4957, CVE-2018-4960, CVE-2018-4962, CVE-2018-4963, CVE- 2018-4964, CVE-2018-4967, CVE-2018-4969, CVE-2018-4970, CVE-2018-4972, CVE-2018-4973, CVE-2018-4975, CVE-2018-4976, CVE-2018- 4981, CVE-2018-4986, CVE-2018-4985
Type Confusion	Arbitrary Code Execution	Critical	CVE-2018-4953
Untrusted pointer dereference	Arbitrary Code Execution	Critical	CVE-2018-4987
Memory Corruption	Information Disclosure	Important	CVE-2018-4965
NTLM SSO hash theft	Information Disclosure	Important	CVE-2018-4993
HTTP POST new line injection via XFA submission	Security Bypass	Important	CVE-2018-4994